1. 7

  2. 1

    A reasonable corollary is that software whose source code is actively withheld is probably exploitable. This is the security-oriented argument for Free Software, leading to Linus’ Law.

    1. 2

      More likely than public source code, maybe. But there aren’t quite as many eyeballs as we’d like to believe. See also that recent Linux kernel hypocrite bug fixes incident.

      1. 1

        That’s fine for software which isn’t formally proven correct. All unproven software has to be either trivial to prove correct or have some outstanding bugs, by definition; as a result, most software is buggy. Thus, it’s enough to simply point out that Free Software can have fewer bugs, not that it has no bugs.

    2. 1

      I like the framing here, quite a bit. Overall, it’s very well-put.

      This part does not align with my experience, though:

      Unfortunately, the common framing of Kerckhoffs’s law has meant every engineer will detect and flag the use of an obscure, homebrew crypto algorithm but will happily stamp an encryption scheme that never rotates the key (or worse, can’t rotate the key).

      In those cases where I’ve seen a system proposed without a reasonable story for key rotation, they’ve been shouted down quickly and I didn’t even have to do so myself.

      Is there a prominent example or two where this has happened that I’m not remembering?