Open and closed security are roughly equivalent
Open and closed approaches to security are basically equivalent, with opening a system up to inspection helping attackers and defenders alike.
That's the surprising conclusion drawn by Cambridge don Ross Anderson during a well-received talk to a Linux User Group at London's City University last night.
Anderson has stepped into the debate - which can be near religious at times - between those who believe either the closed (Microsoft) or the open source model are best for security.
Under standard assumptions used by the reliability modelling community neither approach is inherently better, Anderson argues.
[ Read more ]