One Thing To Do Today: Choose Open Source ( #opencybermonday )

In honor of #opencybermonday, it seems to be a good moment to point out that security-minded folks tend to also be open source advocates. To sum up the problem: commercial product manufacturers rely on “trade secrets” to protect the IP of their lock design, and this replaces actually making better locks. Companies that hide their code can be more easily pressured into installing back doors. They may conceal vulnerabilities to avoid bad PR. The Open Source Initiative has posted a nice nontechnical primer with a bank-safe analogy.

When designing a secure system, every secret that must be kept provides a point of weakness. Bruce Schneier makes that point well, and pretty much every article on this topic quotes him. Let’s go straight to the source:

David Wheeler has maintained a website dedicated to teaching programmers how to write more securely since 1999. He comes down on the side of open source while acknowledging the issues. The Heartbleed bug scared many people off, but for the wrong reasons. Weaknesses in open source projects arise because people who use the code aren’t participating in maintenance, even though there are good reasons to. Even if you don’t feel comfortable contributing code yourself, support the foundations that run big projects (via Hack-a-Day). If you’re in the market to buy a product, check to see if the company about to get your money supports the cause.

Don’t only require open source from your desktop operating system. Reach out to companies like car manufacturers with the reasons open source would be better for their products, and why that’s a shopping criterion for you. If you are a manufacturer, consider using a platform like IoTivity to underlie your products. The Open Source Hardware Association has recently started a certification process. You can use Crowd Supply to fund it. There are several open source laptop projects. This open source hardware philosophy can be pushed down to the silicon.

To learn more, go ahead and check out #opencybermonday on Twitter.

[updated] to add reference to Crowd Supply via BoingBoing in last paragraph.


I make things that do stuff. The best, though, is teaching others to do the same. Founder of @crashspacela Alum of @ITP_NYU
