<div dir="ltr"><div><div><div><div><div><div>Mark,<br><br>What open source gives you is the freedom and choice to check for yourself whether the code is secure or not. While it is not a guarantee, at least it puts the onus on you.<br>
<br></div>If we are to discuss security & NSA there are very many commercial cryptography applications that have long been suspected of having backdoors that would be of use to certain governments. Last I chceked NSA pays an annual retainer running into hundreds of millions to ensure commercial vendors introduce backdoors they can use. On top of that, remember when US firms couldn't export cryptography that used more than 1024 bits?<br>
<br></div>The problem with closed source, you have no liberty to check for yourself. You just hope!<br><br></div>Back to OpenSSL; yes it had a serious bug for long, and I am sure not the last one, but if you look at how the HeartBleed bug came to be discovered and fixed, it was the openness that made this possible.<br>
<br></div>Coming closer home, and regarding our recently implemented PKI Infrastructure by Koreans, how many would bet we have similar bugs in that implementation? How many would bet that no security audit was done based on the sources and that there is no guarantee of a backdoor in the system?<br>
<br></div>Again, we can only hope!<br><br></div>Regards<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 29, 2014 at 4:21 PM, Mark Mwangi via kictanet <span dir="ltr"><<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Again as Dennis said, there are loopholes even in open source software<br>
and so that argument is moot. If governments such as the Canadian one<br>
with practically unlimited resources couldnt find the holes then what<br>
good is making the code open source?<br>
<br>
Open sourcing doesn't make the code more secure by virtue of the action.<br>
<br>
On Tue, Apr 29, 2014 at 3:49 PM, Evans Ikua via kictanet<br>
<div><div class="h5"><<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>> wrote:<br>
> Thats not the issue. There is no software that is absolutely secure, open or<br>
> closed source. The issue is being able to get into the code and find out if<br>
> there are backdoors where someone else is snooping on your systems and data,<br>
> especially if you are a Government.<br>
><br>
><br>
> On Tue, Apr 29, 2014 at 3:20 PM, Dennis Kioko <<a href="mailto:dmbuvi@gmail.com">dmbuvi@gmail.com</a>> wrote:<br>
>><br>
>> But Mr. Ikua,<br>
>> The equally open source software known as OpenSSL had a glaring hole for<br>
>> years, which some suspect the US government might have known about too.<br>
>><br>
>> For as long as we have had software, so have we had software bugs, be it<br>
>> open, closed or ajar :-)<br>
>><br>
>><br>
>> On Tuesday, 29 April 2014, Evans Ikua via kictanet<br>
>> <<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>> wrote:<br>
>>><br>
>>> Well put Walu. This is the strategic dilemma of using closed source<br>
>>> proprietary software. I am sure the lessons that Russia learns from this<br>
>>> will inform other governments that you are only as free as the technology<br>
>>> that you use.<br>
>>><br>
>>> Evans<br>
>>><br>
>>><br>
>>> On Mon, Apr 28, 2014 at 7:27 PM, Walubengo J via kictanet<br>
>>> <<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>> wrote:<br>
>>>><br>
>>>> ####snip#####<br>
>>>><br>
>>>> The United States Computer Emergency Readiness Team, a part of Homeland<br>
>>>> Security known as US-CERT, said in an advisory released on Monday morning<br>
>>>> that the vulnerability in versions 6 to 11 of Internet Explorer could lead<br>
>>>> to "the complete compromise" of an affected system.<br>
>>>><br>
>>>> read more<br>
>>>><br>
>>>><br>
>>>> <a href="http://www.chicagotribune.com/business/technology/chi-microsoft-explorer-security-flaws-20140428,0,4797833.story" target="_blank">http://www.chicagotribune.com/business/technology/chi-microsoft-explorer-security-flaws-20140428,0,4797833.story</a><br>
>>>><br>
>>>> ########snip#####<br>
>>>><br>
>>>> Funny - I keep feeling that the US Gov KNEW about this hole for many<br>
>>>> years :-)<br>
>>>><br>
>>>> Meanwhile, use the Internet Explorer browser only if you think you have<br>
>>>> nothing important to lose. No wonder President Putin has been a worried man<br>
>>>> and wants to move his staff back to typewriters :-)<br>
>>>><br>
>>>> walu.<br>
>>>><br>
>>>> _______________________________________________<br>
>>>> kictanet mailing list<br>
>>>> <a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br>
>>>> <a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
>>>><br>
>>>> Unsubscribe or change your options at<br>
>>>> <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/ikua.evans%40gmail.com" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/ikua.evans%40gmail.com</a><br>
>>>><br>
>>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform<br>
>>>> for people and institutions interested and involved in ICT policy and<br>
>>>> regulation. The network aims to act as a catalyst for reform in the ICT<br>
>>>> sector in support of the national aim of ICT enabled growth and development.<br>
>>>><br>
>>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors<br>
>>>> online that you follow in real life: respect people's times and bandwidth,<br>
>>>> share knowledge, don't flame or abuse or personalize, respect privacy, do<br>
>>>> not spam, do not market your wares or qualifications.<br>
>>><br>
>>><br>
>>><br>
>>><br>
>>> --<br>
>>> ----------------------------------------------------<br>
>>> Kind Regards,<br>
>>> Evans Ikua,<br>
>>> <a href="http://lanetconsulting.com" target="_blank">lanetconsulting.com</a>,<br>
>>> <a href="http://lpi-eastafrica.org" target="_blank">lpi-eastafrica.org</a>,<br>
>>> Skype: evans.ikua<br>
>>> Twitter: @ikuae<br>
>>> Cell: +254-722-955831<br>
>><br>
>><br>
>><br>
>> --<br>
>> with Regards:<br>
>><br>
>> <a href="http://blog.denniskioko.com" target="_blank">blog.denniskioko.com</a><br>
>><br>
>><br>
><br>
><br>
><br>
> --<br>
> ----------------------------------------------------<br>
> Kind Regards,<br>
> Evans Ikua,<br>
> <a href="http://lanetconsulting.com" target="_blank">lanetconsulting.com</a>,<br>
> <a href="http://lpi-eastafrica.org" target="_blank">lpi-eastafrica.org</a>,<br>
> Skype: evans.ikua<br>
> Twitter: @ikuae<br>
> Cell: +254-722-955831<br>
><br>
> _______________________________________________<br>
> kictanet mailing list<br>
> <a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br>
> <a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
><br>
> Unsubscribe or change your options at<br>
</div></div>> <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/mwangy%40gmail.com" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/mwangy%40gmail.com</a><br>
<div class="">><br>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for<br>
> people and institutions interested and involved in ICT policy and<br>
> regulation. The network aims to act as a catalyst for reform in the ICT<br>
> sector in support of the national aim of ICT enabled growth and development.<br>
><br>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors<br>
> online that you follow in real life: respect people's times and bandwidth,<br>
> share knowledge, don't flame or abuse or personalize, respect privacy, do<br>
> not spam, do not market your wares or qualifications.<br>
<br>
<br>
<br>
--<br>
</div>Regards,<br>
<br>
Mark Mwangi<br>
<br>
<a href="http://markmwangi.me.ke" target="_blank">markmwangi.me.ke</a><br>
<div class=""><br>
_______________________________________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
<br>
</div>Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/ngigi%40at.co.ke" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/ngigi%40at.co.ke</a><br>
<div class="HOEnZb"><div class="h5"><br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div style="border-collapse:collapse;color:rgb(136,136,136);font-family:'Droid Sans',arial,sans-serif;font-size:13px"><div><font face="Calibri"><font><b>Regards,</b></font></font></div>
<div><br></div><div><font face="Calibri"><font><b>Wait</b></font></font><b style="font-size:small;font-family:Calibri">haka Ngigi</b></div></div><div><div><font face="Calibri"><font><font color="#888888" face="'Droid Sans', arial, sans-serif"><span style="border-collapse:collapse">Chief </span></font><font color="#888888"><span style="border-collapse:collapse">Executive</span></font><font color="#888888" face="'Droid Sans', arial, sans-serif"><span style="border-collapse:collapse"> Officer | </span></font><font style="border-collapse:collapse;font-family:'Droid Sans',arial,sans-serif;font-size:13px" color="#FF6600">Alliance Technologies</font><font color="#888888" face="'Droid Sans', arial, sans-serif"><span style="border-collapse:collapse"> | MCK Nairobi Synod Building</span></font></font></font></div>
</div><div style="border-collapse:collapse;color:rgb(136,136,136);font-family:'Droid Sans',arial,sans-serif;font-size:13px"><div><font face="Calibri"><font><span style="font-family:arial"><font face="Calibri"><font>T + 254 </font></font></span></font></font><span style="font-family:Calibri,sans-serif;font-size:13px;line-height:14px">(0) 20 2333 471 </span><span style="font-family:Calibri,sans-serif;font-size:13px;line-height:14px">|Office Mobile: +254 786 28 28 28 </span><span style="font-family:Calibri,sans-serif;font-size:13px;line-height:14px"></span><span style="font-family:Calibri,sans-serif;font-size:13px;line-height:14px">| </span><span style="font-family:Calibri">M <a style="color:rgb(103,117,58)">+ 254 737 811 000<br>
</a></span></div></div><div style="border-collapse:collapse;color:rgb(136,136,136);font-family:'Droid Sans',arial,sans-serif;font-size:13px"><div><span style="font-family:Calibri"><a href="http://www.at.co.ke" target="_blank">www.at.co.ke</a></span></div>
<div><br></div><div></div><div><img src="http://academia.a1.io/images/a1io_footerlogo.png"><br></div></div>
</div>