I was reading in the news recently that a power grid in Australia was infected by a Windows virus. The quick-thinking technical specialists there swapped over to Linux machines that they had been using for another purpose, and thus no major outage occurred.
This is a great example of how Open Source is not cheaper, but better than the proprietary offerings from major companies that are only in it to make a profit. It came down to "security through transparency" over "security through obscurity". I have no real problem with people making money from their work, but when it comes to systems that are mission- and life-critical, I do not think they have their customers' interests on their agendas. It may sound like a conspiracy against the major organisations, but how far-fetched is it, really? Short-term plans may be to enable their customers to do what they need to do, but long-term strategies would be to ensure that customers do not leave to utilise the services and products of a competitor.
"Security through transparency" is not new - although it may have only been termed recently. The person who came up with the concept, Auguste Kerckhoffs, did it over 100 years ago. "Security through obscurity" is marketed by proprietary companies that are hoping that no one will be able to figure out their secrets, thus keeping their systems safe and working as expected. The problem is that over time, someone always seems to figure this stuff out, and then figure out how to exploit it. It tends to give individuals and companies that rely on these systems a "false sense of security".