Adequate security

Pretty much any piece of software that is complex enough to be interesting or useful has security holes.

It doesn’t matter if the software is closed-source or open-source; the studies that I’ve seen indicate that both kinds have about the same number of security issues. What’s primarily different between the two is the type of security holes that they have, because the approach to developing and testing software is different.

It’s tempting to say that open-source fixes security holes faster than closed-source projects, but that isn’t necessarily true either. It all depends on who is working on the project, how they approach things, and how responsive they are.

Even if the code itself is somehow unexpectedly and miraculously perfect (let me know if you ever discover a software project where this is true – I won’t hold my breath, though), its security can still be compromised through included modules, libraries, the operating system and even the hardware on which it is all running.

You can’t achieve perfect security in an application. That just never happens – for one thing, it would probably be horribly unpleasant to use, which is a topic for another day. The best that you can hope for is security that is adequate to the task at hand and to the sensitivity of the data.

Adequate security is generally about the best you can hope for. Maybe adequate plus ten percent.

Alas, few projects (closed or open) generally achieve anywhere near that in the first five years of their life-cycle.

That means that you – as a user – are never going to be an idle participant in the software security game. You might wish that someone could take that burden of care away from you; look after your data, protect your passwords, guard your credit-card details, protect you from phishers and scams, malware and trojans.

But that’s just not going to happen.

Your best security tool is your brain… but only if you use it.


Categories: Opinion, Security.


