Open Source - Why it's Good for Security

    Date18 Apr 2000
    4360
    Posted ByAnthony Pell
    Hiding your program's (or operating system's) source code doesn't buy you the security that you'd expect. Hackers have been reverse engineering or doing "Black Box analysis" for years. Just because I can't see the original C source code for a . . . Hiding your program's (or operating system's) source code doesn't buy you the security that you'd expect. Hackers have been reverse engineering or doing "Black Box analysis" for years. Just because I can't see the original C source code for a program doesn't mean that I can't run it in a debugging, or code execution trace environment, to watch its operation. The point to keep in mind is this: for a computer's processor to execute a program, it has to be able to read each instruction. Each instruction is a bit of machine code, which is transformed quite easily to assembly code. Some programs can attempt to convert the machine/assembly code into the more easily readable C code. As many people can read C and Assembly, especially the hackers who will develop the exploits against a program, closing the source doesn't stop a number of hackers from finding vulnerabilities in your program! A recent example of this was illustrated in a Bugtraq post last December, where BindView's Todd Sabin illustrated a vulnerability in Windows NT's SYSKEY, which was discovered without source and was aided by the use of a disassembler.
    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    12
    radio
    [{"id":"53","title":"Yes","votes":"4","type":"x","order":"1","pct":80,"resources":[]},{"id":"54","title":"No","votes":"1","type":"x","order":"2","pct":20,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.