[Cryptography] EFF amicus brief in support of Apple

Jerry Leichter leichter at lrw.com
Sun Mar 6 11:28:51 EST 2016


> The tenor of such comments is always "there's a silver bullet here,
> and it is open systems". Well, no, sadly, there are no silver
> bullets. Security is hard, and remains (sadly) a set of trade-offs
> between alternatives that are often quite mediocre. Regardless,
> forcing your 80 year old grandfather who used to be a chef to audit a
> few million lines of source code, compile them, and load them onto
> his phone before he can make a phone call isn't going to help
> anything at all.
Beyond that ... the most damaging recent bug is the DNS resolver bug in glibc, code which has been open and available for inspection from the day it was written - and the (rather obvious, once you see it) bug managed to survive for 8 years.

It's time we stopped believing that there's something magic about open source software.  There's good software and there's bad software, and even the best software has bugs.  And beyond bugs, all software can be deliberately subverted.  There are no silver bullets, just tons of continuing hard work.

                                                        -- Jerry


