Security through obscurity vs. open source

October 28th, 2008, 12:27 PM
Do you believe in security through obscurity? (e.g. closed source is best for security?)

Since this is an Ubuntu/Linux forum, I doubt it. However, there's another question: if there's a severe security hole in a program, should you: A) Cover it up and patch it, then release the patch, not telling anyone, or B) Tell people about the hole, so they can defend themselves against it, then release a patch?

October 28th, 2008, 12:32 PM
C should be the universal answer, proprietary or otherwise.

October 28th, 2008, 02:37 PM
When open source software companies find security problems, they patch them first, then tell everyone about it. That's the best way.

October 28th, 2008, 02:41 PM
With a possible exception of a very new hole that you can fix quickly, tell everyone so they can be prepared. But, you need to actually accept the help. If you tell everyone and then don't use the help needed, then you will be shooting yourself in the foot.