I don't necessarily think it should be open source. I don't know a ton about software and programming.
Wouldn't making the code publicly accessible make the software easier to be attacked, if the machines are connected to the internet, because more people have seen the code?
Machines should not be connected to the internet. Also, hiding source code or keeping it proprietary does not make it more secure. That is called "security through obscurity" and look how that worked out for Microsoft Windows (riddled with malware).
Our most secure systems all have PUBLIC standards - RSA, SSL, etc.
If the security of a system requires secrecy of the implementation, then it is not secure - it is just a secret. Whoever knows the secret is now very prone to bribes, blackmail, etc.
P.S. Not sure who is downvoting you, but it wasn't me. You are asking reasonable questions. And really, there are different perspectives on this. Some people do think the proper way of handling this type of thing is to have companies provide "super secret programs" which only they know how they work. In my view, you just moved the problem to another level - who gets the contract and how.
By open source he means anyone can go over it. A million pairs of eyes looking for "WTF is that?".
Yes, but my point was that in theory this also means a million pairs of eyes could look at it ahead of time for flaws.
Yes, that's exactly the point. You have enough people looking at code and finding problems. Works all the time in the open source community.