IMMUNIZING THE INTERNET, OR: HOW I LEARNED TO STOP WORRYING AND LOVE THE WORM
A great article in the Harvard Law Review just got slashdotted. It argues that
hackers, worms and viruses are actually good for network security.
I'm a very strong believer in this, and have been for a long time.
When we first released Java in 1995, we made all of the sources
available on the net. Most people just downloaded the binaries and
used them, but a lot of folks downloaded the sources, and many of
them spent many hours trying to figure out how to break the
security of the system. And several people did: they would publish
their attacks, and we'd fix them. The end result is an
extraordinarily strong system. Many people in the software industry
are nervous about such policies because they fear that it will give
nasty folks an unfair advantage. They somehow believe that
"security by obscurity" is a valid technique. I have always
believed, and experience has shown, that the reverse is true: there
are many more good smart people than evil smart people, and good
smart people let us know about any flaws they discover, so we get
things fixed quickly.