15 December 2010

Can Open Source Be Trusted?

Theo de Raadt is one of the key hackers outside the mainstream GNU/Linux world. Here's his self-penned bio:

I am the founder of OpenBSD -- a freely redistributable 4.4BSD-based operating system with an emphasis on security. Donations allow me to put my efforts into OpenBSD and related projects. In 1999, I created OpenSSH with other members of OpenBSD. It is now incorporated into all Unix systems plus hundreds of other network enabled products. It is now the most "vendor re-used" piece of open source software, with more than 90% of the SSH market.

On Open Enterprise blog.

2 comments:

Pierre said...

Ken Thompson (ACM award) responded to the question in 1984:

http://cm.bell-labs.com/who/ken/trust.html

Having the source code does not allow you to find (any serious) backdoor.

When you are "open" to anybody, chances are that the crooks will get into the game.

To paraphrase Bruce Schneier, "adopting software is a matter of trusting the author".

While you can sue an individual for injecting malicious code in his program, open-source makes accounting impossible in this area.

Glyn Moody said...

@Pierre: interesting link - thanks