The recent report of someone finding backdoors in Barracuda Networks’ firewall and VPN products didn’t surprise me much. What else do you expect from a closed-source solution? I mean really, when are people going to stop trusting black-box solutions? Security is always a trust issue no matter what aspect you are looking at. Why would you trust something with your security without knowing exactly what it does and how it works?

Open source solutions are completely different. You can look inside, see how things work, make changes if you like, and trust that the solution works the way you expect it to. You aren’t trusting the company that is selling it to you but rather you are trusting yourself or your own people. Why would you want it any other way?

  1. Michael
    2013-01-26 at 05:27 EST

    While I suppose the question is purely rhetorical, let’s answer it nonetheless. Usually, it boils down to not having the resources inside to do otherwise. Or because you prefer to shift the responsibility to a vendor.

    • 2013-01-26 at 08:22 EST

      Oh, you can shift all the responsibility to a third party all you want, but your customers are still going to come looking for *you* when bad things happen. The patient isn’t going to come looking for Cisco or any other vendor when their medical records get released on the Internet. They are going to come looking to the hospital or doctor’s office where the data was being stored. Worse yet, once that data is out in the open there is no way to remove it.

      If you don’t have the resources inside to do the work then you can either a) find and hire the needed resource or b) trust that open source solutions already have more eyes on them (especially if they are supported through a major company).

      Ultimately, the responsibility for security does not lie in the hands of vendors but right at the doorstep of data owners.

  2. Michael
    2013-01-26 at 12:42 EST

    I agree, but I am not the one to convince. And the issue is that, if you ask the vendors, they will say they are certified. They will explain that others use their solutions, that they use rigorous testing. I guess I do not need to explain how the business of security works…

