Slashdot Mirror


European Commission Recommends OSS to Fight Echelon

CrossRhythm writes: "The European Commission Resolution on Echelon encourages the Commission and Member States "to promote software projects whose source text is made public", "to lay down a standard for the level of security of e-mail software packages, placing those packages whose source code has not been made public in the 'least reliable' category," and "systematically to encrypt e-mails, so that ultimately encryption becomes the norm"."

2 of 106 comments

  1. Re:This is stupid by All Dead Homiez · Score: 3, Informative
    You're missing an important point: how do you know that a given closed-source email encryption/decryption engine does not "leak" keys? You have no sure way to know that your keys won't wind up:
    • "Accidentally" sent packed into an IP header and sent to the NSA
    • Somewhere in your swap space, because some coder doesn't know how to lock memory correctly
    • Somewhere else on your hard drive, because some coder doesn't care about protecting your keys (or know what he's doing).
    • Compromised in response to a malicious message that the program is trying to decrypt. Don't forget about buffer overflows.

    Trusting a closed source application means that you're trusting every programmer who ever wrote a line of code for the application. When you can't see that code to make sure it's not crap, you've got a security nightmare waiting to happen.

    -all dead homiez
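
The swap-space item in the comment above, shown as an added example (not part of the original comment and not code from any mail program): key material kept on its own anonymous pages, pinned with `mlock`, and wiped before release. It assumes a POSIX/Linux system; `keybuf`, `keybuf_new`, `keybuf_free` and `wipe` are hypothetical names, and the key bytes are constructed sample data.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <string.h>
#include <sys/mman.h>

/* Hypothetical helper type: a key buffer living on its own anonymous pages. */
typedef struct {
    unsigned char *p;   /* NULL if the mapping failed */
    size_t len;
    int locked;         /* 1 if mlock() succeeded, 0 if the pages may still swap */
} keybuf;

/* Zero through a volatile pointer so the stores cannot be optimized away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Map private pages for key material and try to pin them in RAM. */
static keybuf keybuf_new(size_t len) {
    keybuf k = { NULL, len, 0 };
    void *m = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return k;
    k.p = m;
    /* mlock can fail (RLIMIT_MEMLOCK, privileges); record it for the caller. */
    k.locked = (mlock(k.p, len) == 0);
    return k;
}

/* Wipe, then unlock and unmap. Returns 1 if every byte read back as zero. */
static int keybuf_free(keybuf *k) {
    int clean = 1;
    if (!k->p) return 0;
    wipe(k->p, k->len);
    for (size_t i = 0; i < k->len; i++) clean &= (k->p[i] == 0);
    if (k->locked) munlock(k->p, k->len);
    munmap(k->p, k->len);
    k->p = NULL; k->locked = 0;
    return clean;
}

int main(void) {
    keybuf k = keybuf_new(32);
    if (!k.p || !k.locked) return 1;   /* fail closed: no key in swappable memory */
    memcpy(k.p, "constructed-sample-key-material!", 32);   /* constructed sample */
    return keybuf_free(&k) ? 0 : 2;
}
```

`mlock` only keeps the pages out of swap; hibernation images and core dumps still need separate handling.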

  2. Re:funding. by Anonymous Coward · Score: 1, Informative

    If companies/academics request R&D funding from the European Commission, they are already urged to license the software as open source (to get a better chance of getting funding). These guidelines started popping up for more than a year now.