A couple of weeks ago I posted: Crowdsourcing Cybersecurity: A Proposal (Part 1) and Crowdsourcing Cybersecurity: A Proposal (Part 2), concluding that publicity (not secrecy) about security flaws would enhance cybersecurity.
Then this week I read:
A classic open source koan is that “with many eyes, all bugs become shallow.” In IT security, is it that with many eyes, all worms become shallow?
Burton: What the Department of Defense said was if someone has malicious intent and the code isn’t available, they’ll have some way of getting the code. But if it is available and everyone has access to it, then any vulnerabilities that are there are much more likely to be corrected than before they’re exploited.
(From Alex Howard’s interview of CFPB (Consumer Financial Protection Bureau) CIO Chris Willey (@ChrisWilleyDC) and acting deputy CIO Matthew Burton (@MatthewBurton), reported in: Open source is interoperable with smarter government at the CFPB.)
If the “white hats” aren’t going to recognize the benefits of crowdsourcing cybersecurity, perhaps it is time for the “black hats” to take up the mantle of crowdsourcing.
Perhaps that will force the “white hats” to adopt better security measures than “security by secrecy.”
Public mappings of security flaws, anyone?
Update: DARPA to Turn Off Funding for Hackers Pursuing Cybersecurity Research
The Pentagon is scuttling a program that awards grants to reformed hackers and security professionals for short-term research with game-changing potential, according to cybersecurity firm Kaspersky Lab.
That’s the ticket. If we don’t know it, it must not be known.