Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 19-Jul-2018 22:03:51 EDT
@privacylab The article also mentions:
> In 2006, the same period when ES&S says it was still installing pcAnywhere on election systems, [attackers] stole the source code for the pcAnywhere software, though the public didn’t learn of this until years later in 2012 when a hacker posted some of the source code online, forcing Symantec, the distributor of pcAnywhere, to admit that it had been stolen years earlier. Source code is invaluable to [attackers] because it allows them to examine the code to find security flaws they can exploit.
It's worth noting that access to the source code of the software should have no impact on the security of that software---"security through obscurity", as it is called, is not security. Users should expect that the source code for all software they use has been made publicly available (and is free/libre software) as a precondition for any claims of "security" so that anyone and everyone can audit it, track changes, and improve upon it.
Yale Privacy Lab (privacylab@mastodon.social)'s status on Friday, 20-Jul-2018 11:42:45 EDT
@mikegerwitz as we say in teaching materials... Access to source is a prerequisite for - not a guarantee of - software security.