And if you're using Open Source Code, doesn't that open a channel for hackers to figure out how to bypass it?
-Tinman57
That's part of an interesting debate in the world of computer security.
One school of thought says it would be a bigger risk being open. The other school says that attempting "security through obscurity" is a pipe dream, because the only real workable security solution is something that can survive an attack despite being completely open and widely understood. It's almost a Darwinian philosophy - as in 'survival of the fittest.'
There appears to be a good bit of practical wisdom in an open approach since malware itself (especially the zero-day variety) depends heavily on obscurity to avoid detection. However, once identified, such threats are quickly analyzed, reverse engineered, and eliminated. Often within hours.
In some respects, when it comes to security (i.e. encryption, anti-malware, etc.) the only products you can possibly trust completely are the "open" ones since 'black box' (or "FM") security apps can only be deemed as trustworthy as the people who create and distribute them. And there are plenty of bogus security apps out there.
It's a tough call deciding which philosophy is more correct. But so far, the 'open' approach to security seems to afford a greater degree of protection.
One thing for sure - there's no rest for the wicked. Or the "good guys" for that matter.