Why We're Releasing Our Design Data To The Open-Source Community

Shamal Faily | Webinos | September 4, 2012

There is an on-going debate about whether open-source software is more secure than closed-software, or vice-versa.  The argument raised by proponents of the former is, as Eric Raymond puts it, “many eyes make all bugs shallow”.  Proponents of the latter camp argue that this is a simplification; after all, they claim, many eyes looked at software vulnerabilities in open-source products like OpenSSL before alarm bells were raised.  It’s also difficult to know quite how many zero-day attacks have been made possible because of open-source software vulnerabilities.

From our perspective, what matters to us is that you, the community, have the ability to review webinos design decisions and propose changes where these are believed necessary.  To do this, the least we can do is equip you with the same data and tools that we use to make sense of data and make security design decisions about webinos.  For this reason, we have decided to release our requirements and usable security design data to github...