- Internet dating services often advise first meeting in a public, crowded place.
- A million-dollar statue in the middle of an always-crowded room is safe from theft.
- Robbers avoid well-lit houses as they are more likely to be seen approaching them.
In computers, openness is used to solicit community feedback on security problems. This would seem to make software more vulnerable by making their interior known, akin to the a building’s blueprints public. But this actually makes them more robust and useful, like a lock thousands have tried to pick and can modify themselves to make more secure. Of course, buildings are expensive to rebuild to fix inherant security problems but software is much easier to rewrite.
Several elements are important to Security Through Openness:
How many people could see something amiss.
As it is so carefully looked over by a variety of developers daily, security problems are quickly found and repaired.
Conversely, sometimes to garner the attention of security-aware developers, they must first be popular. Open programs that have not been critiqued and tested are often flawed and broken as in the case (http://www.mit.edu:8008/bloom-picayune/crypto/14238) with CIPE and VTun.
As in the example of a building’s blueprints, something that cannot change once a vulnerability is found is not secure. A lock on a door can be replaced with a better lock. Software can be rewritten or patched.
- Countries concerned with corporate loyalty to their home country are rarely available to purchasing software whose internals are not made open to them. This is why open source has become increasingly embraced on the International stage and in countries like North Korea and China who are wary of western interests. Other countries like Germany are worried about painful licensing issues.
- Loss of Privacy
- This type of Security Through Openness can lead to a loss of privacy. For instance: credit card freud; when you use cash you are obscure and difficult to track but when you purchase with your credit card, you are not. By knowing what you buy, your information is open to your credit card company so they can recognize out-of-character purchasing habits and block spending with your card. Because your credit card company now knows everything you buy in the interest of keeping you safe, you have sacrificed privacy for security.
TakeDown.NET -> “Security-Through-Openness”