JR asks the following question on the Secret Bunker posting – When it is still easy to attack a system without access to the source, and we all know it is, why doesn't any advantage (like being able to patch the system directly yourself) become an instant positive advantage over closed source?
First, let me ask a question – did anyone find the Secret Bunker street sign amusing, or was that just me?
JR, that’s an interesting question – There’s a possibility this thread could run for a while… so, let’s dig in…
Assume for a moment that you have a car parked in a public place with valuables in clear sight on the back seat of the vehicle. How long do you think it would be before a thief decides that your vehicle is a prime target for attack? If your personal belongings are tucked up in the boot/trunk of the vehicle, there’s less chance of a passer-by thinking about breaking in. Sure, there’s a chance that someone might try the door handle to see if you’ve been careless and left the vehicle unlocked (wait for it, there’s a computer-related thought coming up), but the chances of being broken into are greatly reduced.
Now assume that you’re building an embedded system: you’ve only included the OS components needed by your system, and you’ve only enabled code that’s included in your OS image to run (you’ve locked the door and put your valuables in the boot/trunk). In this case, where is the attack going to come from?
Or, let's look at this from a slightly different angle. I'm using a product called BlogJet to write this, er, blog. I paid $40 for the product because it does exactly what I want: I can write blogs offline, add text, add images (which are uploaded to an FTP site), etc. It makes blogging extremely simple. What incentive is there for a software developer like BlogJet to open source their application? Once the source is out on the web, anyone can download it and build the application, so how does the developer make any money from the product?