
List:       dmca-discuss
Subject:    [DMCA_discuss] The root of the problem: Bad software
From:       "Jon O ." <jono () microshaft ! org>
Date:       2001-11-30 16:33:00

----- Forwarded message from Vladimir Katalov <vkatalov@elcomsoft.com> -----

From: Vladimir Katalov <vkatalov@elcomsoft.com>
Reply-To: Vladimir Katalov <vkatalov@elcomsoft.com>
Organization: ElcomSoft Co.Ltd.
To: free-sklyarov@zork.net
Subject: [free-sklyarov] The root of the problem: Bad software
Date: Fri, 30 Nov 2001 10:51:49 +0300

Hello,

From the interview with MsGrow, the author of the new "Building Secure
Software" book:

http://news.cnet.com/news/0-1014-201-8006311-0.html

Q: In your book you outline 10 principles for writing secure software.
The fourth principle has to do with so-called "security by obscurity,"
which is how many people in the security community characterize the
DMCA (Digital Millennium Copyright Act).

A: If you think about the DMCA, there are the organizations like the
RIAA (Recording Industry Association of America) that are producing
content-protection mechanisms that do not work. And their solution,
instead of building ones that do work, is to pass a law forbidding
people from telling anyone why they don't work. It's a great example
of "The Emperor's New Clothes," and what we have done is outlaw the
little boy from saying that the emperor has no clothes.

Q: What's open source's role in the security-by-obscurity debate?

A: Open-source software is neither more nor less secure than
closed-source software. And the whole issue of whether open source is
more secure is a red herring. We have a chapter in the book about it.
Security by obscurity doesn't work. But just because you have your
source code sitting around in public doesn't mean someone's going to
do a free security review on it, either, which is what the open-source
guys think. That's wrong.

Q: People think that because you can look under its hood, open-source
software is more vulnerable to attack.

A: Incorrect. If I have executable code, I can decompile it, I can
disassemble it, I can poke it and prod it and steal all its little
secrets, just as if I had the source code. I don't need the source
code. But get this: The DMCA expressly forbids me from poking and
prodding and recompiling that. That's ridiculous. The DMCA should be
repealed.


_______________________________________________
free-sklyarov mailing list
free-sklyarov@zork.net
http://zork.net/mailman/listinfo/free-sklyarov

----- End forwarded message -----
_______________________________________________


------------------------
http://www.anti-dmca.org
------------------------

DMCA_discuss mailing list
DMCA_discuss@lists.microshaft.org
http://lists.microshaft.org/mailman/listinfo/dmca_discuss
