The following text is copyright 2002 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.


Fighting terrorism with obscurity


By Scott Bradner


In early June the Alexis de Tocqueville Institution ( published a white paper called "Opening the Open Source Debate."  The headline on their press release claimed that "open source software may offer target for terrorists."  In spite of that headline the report itself mostly focused on the evils of some open source licensing not security.  The small part of the report that was about security issues with open source was based on the implied claim that hiding security flaws rather than fixing them was some how better.  I guess they are assuming that, counter to all experience and against the recommendation of most security experts, security through obscurity works.


I do not have the report in front of me as I write this because the Institution removed it from their web site almost as soon as it was published, claiming that the wrong version got posted.  I did look through some of it during the window and was not all that impressed.  There is a quite good review of the temporally available version at


I do not know anything about the Alexis de Tocqueville Institution, and was not able to find out much from their web page.  I do not know how long they have been around, the list of only 13 reports or books available would indicate that they are quite new, nor is there any information about their source of funding or how many researchers they have.  But if I were to project using this report as input it looks like they are looking for money and hope that they will get funds from Microsoft if they parrot the Microsoft line on open source.  Quite a few commentators have expressed the opinion that Microsoft must have paid them to produce the report, but I'm not convinced, the report too closely follows the Microsoft line, is too amateurish and the press release too garish even for Microsoft.


If you want to read a very well done report on open source take a look at "A business case study of open source software" from MITRE (  In this report MITRE takes its normal very hi class professional approach to some of the same issues as the Institution's report tries to address.   I do support open source software but not are the exclusion of commercial products.  Note that history has shown that proprietary software is not automatically secure, take for example Microsoft's IIS.


It is at best pathetic realization of the weakness of one's argument to resort to using the threat of terrorism to attempt to sell an otherwise unrelated topic.  This use is intellectually dishonest, does a severe disservice to the cause for which the de Tocqueville Institution seems to be espousing and makes harder the very real fight we are facing.


disclaimer:  Everyone at Harvard is intellectually  honest so the above does not apply and is my own opinion