0:00

This is episode twelve … … of the Open Source Utopia Podcast.

0:07

With open source, security is both a benefit and a challenge.

0:13

But, what opponents of open source …

0:15

… call a challenge is actually a benefit.

0:19

The real challenge … … isn't making software open source,

0:24

it's a problem with you and me.

0:28

You see, in the physical world,

0:30

security means locking something away.

0:34

The critics of open source say …

0:36

… openness is the main security problem …

0:38

… with open source software.

0:41

“If digital criminals can see the code,”

0:43

“they will ferret out every way to attack its users.”

0:48

Closed source software has an answer,

0:51

and that is security by obfuscation.

0:55

Or, as I call it, hiding the problem.

1:00

In the digital world,

1:02

transparency can create more and better security.

1:07

So open source supporters,

1:10

like me, and you, I hope by now,

1:13

see a huge benefit in openness.

1:17

Everyone can see the code and test the code,

1:20

so it's hard to hide malicious functionality.

1:25

Making my code public …

1:27

… gives me an extra incentive …

1:29

… to focus on code quality as well.

1:33

And, if people find security issues …

1:35

… in open source code,

1:38

they can tell the thankful developer …

1:40

… and even contribute a fix.

1:43

So, the real challenge in open source security …

1:48

… isn't software security,

1:51

it's project sustainability.

1:54

Making sure … … that there are enough people involved …

1:58

… and supporting the project …

2:00

… to reap the benefits of the openness.

2:05

That is a job both for the developer …

2:09

… and those who are using the software.

2:13

Let's talk about Community Contribution.