extreme newbie

Mike Meyer mwm at idiom.com
Tue Jun 21 23:26:06 EDT 2005


Steven D'Aprano <steve at REMOVETHIScyber.com.au> writes:

> On Sat, 18 Jun 2005 15:00:02 +0200, Renato Ramonda wrote:
> Hiding the source code does not make software more secure. Any bugs and
> security holes will be there whether the software is distributed in source
> code, object code, or something in between.

I'm going to be pedantic about this.

One definition of "more secure" is "has fewer security holes". With that
definition, hiding your source code doesn't make any difference.

Another definition of "more secure" is "has a higher cost to break
into." By that definition, hiding your source code *does* make your
software more secure. It's easier to find security holes by examining
source near "insecure" operations than it is by trial and error.

On the flip side, Thompson <URL: http://www.acm.org/classics/sep95/ >
has shown that distributing source is not a preventative for trojans.

        <mike
-- 
Mike Meyer <mwm at mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.


