Originally Posted by Voorije
^^^ That would a) sacrifice a level of security. b) cause some places (for instance CF/WA) to probably look away from minion as they cannot protect their policies from being circumvented, and thus would lower minion adoption.
Not that I'm pushing for Minion to be open source, but I do want to address a major, but common, misconception in this post. Specifically, a).
Open Source Does Not Compromise Security: Many seem to believe this to be the case, but it's simply not true. Security based purely on your methods being secret is not any security at all.
All software is inherently reversible, thus there will always be someone willing to go to the effort of finding your super-secret algorithm. If, however, your algorithm is open, coders like myself who aren't going to go to the effort of reversing your program just to evaluate its security practices are likely to find those little nagging weaknesses and offer up patches.
If you need a perfect example of how Open Source can be (and often is) more secure than closed source, compare the number of live exploits for OpenBSD (can you find any?) to Microsoft Windows.