- cross-posted to:
- technology@lemmy.ml
- cross-posted to:
- technology@lemmy.ml
The backdoor, known for years by vendors that sold the technology but not necessarily by customers, exists in an encryption algorithm baked into radios sold for commercial use in critical infrastructure.
But I was told that closed-source is more secure, surely nobody lied when they said that
Anyone saying that is definitely wrong, it is neither more secure or less secure just on the basis that it is closed or open source. There are processes that all types of software must take to ensure there are limited vulnerabilities. Security audits, pen testing, code scanning, etc.
To add to this, in this case there is even some rationale for being closed source - given the critical nature of the code, less visibility means availability to examine it for exploit opportunities. But that’s just one side of it, right? Open source might mean more opportunities to find and fix possible exploits as well.
There is some security to obscurity, but I’d argue that the more prevalent a system is the more having visible source adds security. When it comes to unscrupulous behavior by vendors - like those who would embed backdoors in communications element - shining light on the farm corners of their code definitely provides some security.
At the very least, if the company that supplies a product goes under, there’s a better possibility of getting a new vendor to support or patch it if they can actually get their hands on the source.