04.06.2010
The mathematics of obscurity
Michael Roitzsch
TU Dresden
WEIS rehearsal talk
What is more secure, software with secret source code or software with
open source code? If you ask a randomly chosen group of computer-literate
people this question, prepare to find yourself in the middle of a brawl
over whose opinion is correct. It is more difficult to find errors when
source code is secret. More people search for errors when source code is
public. These counteracting effects are pivotal to the question of whether
openness fosters security. Errors in software are found by people with
either constructive contribution or exploitation in mind. Focusing
exclusively on this discovery aspect, we present a probabilistic model,
which allows us to compare the open source and closed source situations.