Looks like speculation

Posted Apr 11, 2008 13:36 UTC (Fri) by DanWeinreb (guest, #51526)
In reply to: Looks like speculation by nix
Parent article: Freezing More Than Bits: Chilling Effects of the OLPC XO Security Model

When we are talking about security, and saying that it's important for security software to be
"open", what we mean by "open" in this context is that anybody should be able to see how it
works.  You want it to be inspected by experts.  Most important, you want to avoid "security
by obscurity", which experience has shown is a bad principle.

So whether it is standardized by a standards body has absolutely nothing to do with the case.
If a new version comes out, of course that needs to be re-examined and re-audited.  And if no
finalized version has come out yet, that just means that it's not time yet for final auditing,
but it's a great time for the public to point out flaws and suggest improvements.

Some of the papers on Bitfrost are written as if Bitfrost were completely specified,
implemented, in use, and so on.  If so, then someone has grounds for complaint.  But they
should carefully complain about just that, NOT that it's "not open".



Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds