2008-01-04

Shared source

Shared source programs allow restricted auditing of normally closed source code. This is mostly done by software vendors to get contracts from governments for sensitive application areas. Examples include Microsoft's Windows OS and Voting machine vendors.

The point I want to bring up is that though you can use that kind of audit to further assure that the software vendor didn't make any unintentional errors, normally this doesn't help you against intentional backdoors.

Why that? Well unless you really build the software yourself, the vendor could show you any source code and deliver any malicious software. This is the point where I doubt, that the auditor really takes the given source and builds the product from there on after the audit.

So those audits still imply trusting the vendor. Thats the interesting point, do you really trust the voting machine vendor? Imagine what you could do with the control over elections in a country. Or the control over a government computer through controlling the operating system.

1 comment:

Patience said...

Great work.