Thoughts on Security

Russel Coker has written a blog post on security.  He canvasses the possibility of moles being planted in software development teams, particularly of FLOSS projects,  with the goal of subverting the security of the software.  He observes that States capable of a nuclear weapons program are also capable of planting such a mole.  I don’t think the subversion of a  FLOSS project would be the end of the story.  If that were to happen, Governments who relied on the project would either need to: stop using the project; or undertake more stringent QA.  Since direct action is available as a remedy, it is quite plausible that the subversion of a project could give rise to a counter subversion by parties which might be affected by a security breach.  Governments might spend more time and effort running a counter-insurgency (eg more coding, more code QA, greater involvement in the development process).  Perhaps ironically, a compromise could be overall beneficial to a project if it provokes a spirited defence.  This is more likely in larger more critical projects – but then again, they are probably the more likely targets as well.