Sponsored by: This story appeared on Network World Fusion at http://www.nwfusion.com/columnists/2002/0624bradner.html Fighting terrorism with obscurity? By Scott Bradner Network World, 06/24/02 The Alexis de Tocqueville Institution published a white paper earlier this month called "Opening the Open Source Debate." The headline on its press release claimed that "Open source software may offer target for terrorists." In spite of that headline, the report mostly focused on the evils of some open source licensing - not security. The small part of the report about security issues with open source was based on the implied claim that hiding security flaws rather than fixing them is somehow better. I guess the group assumes that, counter to all experience and against the recommendation of most security experts, security through obscurity works. I do not have the report in front of me as I write this because the group removed it from its Web site almost as soon as it was published, saying that the wrong version got posted. I did look through some of it during the window it was online and was not all that impressed. There is quite a good review of that temporarily available version here. I was not able to find out much about the Alexis de Tocqueville Institution from its Web page. I do not know how long the organization has been around, though the list of only 13 reports or books available would indicate that it is quite new. I also could not find any information about the institution's source of funding or how many researchers it has. But if I were to project using this report as input, it seems as though the group is looking for money and hopes that it will get funds from Microsoft if it parrots the software maker's line on open source. Quite a few commentators have expressed the opinion that Microsoft must have paid this group to produce the report. But I'm not convinced, given that the report too closely follows the Microsoft line, is too amateurish, and the press release is too garish even for Microsoft. If you want to read a well-done report on open source take a look at "A business case study of open source software" from Mitre. In this report, Mitre takes its normal very high-class, professional approach to some of the same issues that the institution's report tries to address. I support open source software, but not at the exclusion of commercial products. Note that history has shown that proprietary software is not automatically secure; take for example Microsoft's Internet Information Server. It is at best a pathetic realization of the weakness of one's argument to resort to using the threat of terrorism to attempt to sell an otherwise unrelated topic. This use is intellectually dishonest, does a severe disservice to the cause for which the de Tocqueville Institution seems to be espousing and makes harder the real fight we are facing. Disclaimer: Everyone at Harvard is intellectually honest so the above does not apply and is my own opinion. Related Links All contents copyright 1995-2002 Network World, Inc. http://www.nwfusion.com