this post was submitted on 04 Feb 2022

Security

I find people who agree with me for the wrong reasons to be more problematic than people who simply disagree with me. After writing a lot about why free software is important, I needed to clarify that there are good and bad reasons for supporting it.

You can audit the security of proprietary software quite thoroughly; source code isn't a necessary or sufficient precondition for a particular software implementation to be considered secure.

[–] Seirdy@lemmy.ml 2 points 2 years ago (1 children)

Linters are a great thing I should've mentioned, esp. ones like ShellCheck. The phrase "low-hanging fruit" has been doing a lot of heavy lifting. I should mention that.

I talked a lot about how to determine if software is insecure, but didn't spend enough time describing how to tell if software is secure. The latter typically involves understanding software architecture, which can be done by documenting it and having reverse engineers/pentesters verify those docs' claims.

It's getting late (UTC-0800) so I think I'll edit the article tomorrow morning. Thanks for the feedback.

[–] Seirdy@lemmy.ml 2 points 2 years ago (1 children)

@X_Cli@lemmy.ml I updated the post to add a bit to one of the counter args, with a link to your comment. Here's a diff.

[–] X_Cli@lemmy.ml 1 points 2 years ago