FITUG e.V.

Förderverein Informationstechnik und Gesellschaft

Open source the answer to dog-eat-dog security

http://it.mycareer.com.au/opinion/rewire/2001/07/03/FFXUWZU4NOC.html



Tuesday 03 July, 2001

By ERIC WILSON

As we saw last week, many of today's public key encryption (PKI) e-commerce security implementations leave a lot to be desired. For example, often a single application can get the digital certificate to stamp multiple transactions, while only asking for the end-user's password to use the certificate once.

This means that for now, even PKI mixed with smartcards and authenticators may not be enough to get e-commerce over the barrier of gaining universal acceptance. On most occasions we are still being asked by the Internet security industry to simply trust (with little tangible evidence either way until after the fact) that other people's code, from every merchant and financial institution under the sun, will do the right thing on our system with our money. That's a lot to ask.

So I believe, ultimately, for security to be real, it must be "open sourced". This concept involves distributing the instructions making up an application with the finished program itself. In this way, the processes underpinning an e-commerce transaction can be made transparent, not just what is being done on your system but how it is being done, open to inspection by all. (Of course the information involved in the trades themselves is kept private.)

[...]

