Glenn R. Crownover wrote:
> Just as an aside, the phrase "everyone else is using it" could also be
> considered a downside when taking security into consideration. The more
> something is used, the more hackers know about it.
When do people stop to make such statements? I would like to repeat my
answer in the DNS thread - but I know it was a little bit rude.
Security by obscurity is NO solution to security problems. It keeps people
thinking they are secure when they really aren't.
Widely used open software with a design that has security as its main
focus, that can be reviewed by anybody interested, even with a price for
found security holes is the best base I can think of.
Open source is no guarantee for security. But it helps in getting an
opinion about a product that is based on facts and not marketing crap. If
this software is widely used and analyzed by security experts and hackers
it's a big win. Security problems will be discovered and eliminated faster
than in every other product.
Just food for thought.
Frank
