OSDL & Linux in the Enterprise

Barry's uncle writes "vnunet.com has an interesting interview with William Weinberg of the Open Source Development Lab (OSDL), talking about new Linux trends, challenges and security."

Moo

[Chacham]

What about security?

Security has two big facets: actual security and the perception of security. What we don't want to see the world continue to do is rely on security through obscurity. We do not believe that is a good approach.

Openness is a great approach to security because all systems are hackable. People have been cracking proprietary systems for years without access to source code. The theory goes that source code makes it easier to perform certain kinds of cracking.

The big difference openness gives the world is that it gives [people] the opportunity to repair the fault and to do so in a more timely fashion to prevent further exploits, and so keep the system more secure.

And the community of folks who are interested in doing that is much larger, so we firmly believe that open systems over time are more secure than closed systems, and [that] at any given point in time they're more secure as well.

That is one aspect of it. But obscurity also has its advantages.

Ideally, if there were hundreds of open source packages to choose from, using one, but not telling anyone else which it is, should be even safer, as it has all the benefits of open source, and mostly all the benefts of obscurity.

It's a fine line to tread, but one that should not be forgotten.