When I first saw the product announcement making it rounds, I found this lovely red flag in their FAQ about why they will never open source any of their code: It is my opinion that anyone who...
Exemplary
When I first saw the product announcement making it rounds, I found this lovely red flag in their FAQ about why they will never open source any of their code:
Some of the messaging community believes that software that is open source is more secure. It is our view that it is not. The more visibility there is into the infrastructure and code, the easier it is to penetrate it. By design, open source software is distributed in nature.
It is my opinion that anyone who believes security by obfuscation is valid security hygiene does not understand security. This screams “we don’t really know what we are doing.” They could have listed any number of defensible reasons why not to open source their code base; however, mentioning security is the one reason that is demonstrably false and inaccurate.
For those who may not be versed in open source and security and may be convinced towards the validity of Sunbird’s claims, take a look at OpenSSL or OpenSSH or any number of open source libraries used to run the secure Internet.
When I first saw the product announcement making it rounds, I found this lovely red flag in their FAQ about why they will never open source any of their code:
It is my opinion that anyone who believes security by obfuscation is valid security hygiene does not understand security. This screams “we don’t really know what we are doing.” They could have listed any number of defensible reasons why not to open source their code base; however, mentioning security is the one reason that is demonstrably false and inaccurate.
For those who may not be versed in open source and security and may be convinced towards the validity of Sunbird’s claims, take a look at OpenSSL or OpenSSH or any number of open source libraries used to run the secure Internet.