Saturday, February 15, 2003

Bruce Schneier on Full Disclosure and Locksmiths

Bruce Schneier's latest Crypto-Gram newsletter offers an interesting commentary on full disclosure, prompted by Matt Blaze's paper on the master-key attack, and on how the locksmithing trade has handled the same question. From the article:

"...public scrutiny is the only reliable way to improve security. There are several master key designs that are immune to the 100-year-old attack that Blaze rediscovered. They're not common in the marketplace primarily because customers don't understand the risks, and because locksmiths continue to knowingly sell a flawed security system rather than admit and then fix the problem. This is no different from the computer world. Before software vulnerabilities were routinely published, vendors would not bother spending the time and money to fix vulnerabilities, believing in the security of secrecy. And since customers didn't know any better, they bought these systems believing them to be secure. If we return to a world of bug secrecy in computers, we'll have the equivalent of 100-year-old vulnerabilities known by a few in the security community and by the hacker underground."

