
[FYI] Open source the answer to dog-eat-dog security



http://it.mycareer.com.au/opinion/rewire/2001/07/03/FFXUWZU4NOC.html

----------------------------------- CUT ------------------------------

Open source the answer to dog-eat-dog security  

Tuesday 03 July, 2001  

By ERIC WILSON  

As we saw last week, many of today's public key encryption (PKI) 
e-commerce security implementations leave a lot to be desired. For 
example, often a single application can get the digital certificate 
to stamp multiple transactions, while only asking for the end-user's 
password to use the certificate once.  

This means that for now, even PKI mixed with smartcards and 
authenticators may not be enough to get e-commerce over the barrier 
of gaining universal acceptance. On most occasions we are still being 
asked by the Internet security industry to simply trust, with little 
tangible evidence either way until after the fact, that other people's 
code, from every merchant and financial institution under the sun, 
will do the right thing on our system with our money. That's a lot to 
ask.  

So I believe, ultimately, for security to be real, it must be "open 
sourced". This concept involves distributing the instructions making 
up an application with the finished program itself. In this way, the 
processes underpinning an e-commerce transaction can be made 
transparent, not just what is being done on your system but how it is 
being done, open to inspection by all. (Of course the information 
involved in the trades themselves is kept private.)  

[...]

----------------------------------- CUT ------------------------------