Slashdot Mirror
Snowden: What Happened In 2013 Couldn't Have Happened Without Free Software (networkworld.com)
An anonymous reader writes from a NetworkWorld article: NSA whistleblower Edward Snowden spoke at Free Software Foundation's LibrePlanet 2016 on free software, privacy, and security. He credited free software for his ability to help disclose the U.S. government's far-reaching surveillance projects. "What happened in 2013 couldn't have happened without free software," he said, particularly citing projects like Tor, Tails (a highly secure Linux distribution) and Debian. "I didn't use Microsoft machines when I was in my operational phase, because I couldn't trust them," Snowden stated. "Not because I knew that there was a particular back door or anything like that, but because I couldn't be sure."
Thanks Snowden for pointing this out, now we will see a movement against open source software because it aids terrorists, just like unlockable iphones or other means of secure communications.
With OSS you still need to trust people, but you need to trust fewer people, you know who those people are, and you can see who else trusts them. With proprietary code, there is a chain of trust that is only as strong as its weakest link. With OSS, there is a web of trust. I can look at the git log and see who wrote a particular algorithm, and I can often see what other code they have written. I can see the changes that were made later, and who made them. For many OSS projects, I can see who reviewed/audited the code. None of this is magic, and there is never a 100% assurance, but OSS has come clear advantages.
And yet.. Heartbleed.
In commercial software it would be found, documented, traced back, and fixed.
Only if the company made it a priority and budgeted for it. Then it would be rolled into the next release, which may not come for months, or even years. Oh, and the next release will only be installed by users that can afford the upgrade fee.