[liberationtech] About "Confide"
Andrew Cady
andy at childrenofmay.org
Sat Apr 26 16:23:48 PDT 2014
On Sat, Apr 26, 2014 at 05:18:47PM -0400, Shava Nerad wrote:
> Anyone who is lauding the verifiability of open source security
> software had best show that their code has been regularly and
> thoroughly audited.
>
> It will be very easy for closed source alternatives -- snake oil or
> legit -- for some time to point to heartbleed as a fatal flaw of
> hubris in the argument that open sourcing is panacea to the trust
> issue.
>
> It shook me. Two years, undisclosed? What a waste.

Not a panacea?  OK.  But if you think closed source software is less
vulnerable to bounds-checking errors then, well, you're wrong.

If anything, Heartbleed should show that using C does not necessarily
make sense for critical security stuff.  Or, you know, maybe we
shouldn't even be looking for "lessons," because it's just the way it
goes in software: there will be bugs.  Nothing was unprecedented about
Heartbleed -- not even the scope of the vulnerability.  Countless
exploitable buffer overflows have been deployed on that scale for years.

The reason you can't trust closed software, though, is that you need to
trust not just the competence, but also the intentions and priorities
of the owner of the source.  And practically speaking, that means you
must trust them to stand up against the US government, fight subpoenas,
spend millions of dollars for no personal benefit, and possibly even go
to jail, just to keep your secret keys secret...  Not going to happen if
the purpose of releasing the software is just to make some money off
of post-Snowden panic.