The coming push for open source everything

Filed under
OSS
Security

With the news about PRISM and other clandestine data-vacuuming operations in place all over the world, it's clear there's a problem. It's not just about hoovering up information from millions of people -- it's the vast number of devices that can no longer be trusted for use in business and government.

When the code running anywhere along a data path is not open source, there's a chance it's doing something you can't know about and potentially transmitting data to someone who shouldn't have it. That possibility should serve to upset even nontechnical executives, to say nothing about governments all over the world.

Last year I wrote about how easy it is to place backdoors within corporate networks using Swiss Army knife-type tools, but those still require someone to physically place them within a building or at least to be hooked up to a network jack. Wouldn't it be easier for the spies to make sure the network devices you purchase, such as routers and firewalls, are already backdoored?

rest here