[clug] Feedback on an opinion piece: Why Australian National cyber-Security depends on FOSS

Daniel Black daniel.subs at internode.on.net
Sat Jan 26 20:44:46 MST 2013


On 27/01/13 13:42, steve jenkin wrote:
> 
> I was hoping the good people on-list could help me convert this random
> brain-dump into a cogent, strong argument for the likes of AGIMO, DSD
> and DPM&C.
> 
> <http://stevej-on-it.blogspot.com.au/2013/01/national-security-prevention-and.html>
> 
> cheers
> steve
> 
> PS: Is the LCA2013 'chat' list an appropriate place to solicit feedback?
> or the LCA wiki?
> 
> I thought not :-(
> 

I'd avoid pushing an open source agenda at the same time as pushing a
software security/safety agenda because:

a) It widens the topic too big to consider
b) anti examples such as Android and the lack of updates by providers
highlight the lack of ability to update even a POSIX system on a phone.
c) AGIMO policy is pretty focused on cost benefit with active
consideration of Open Source.

The software security/quality agenda needs to start first and define
some goal before the important role of open source software can play a part.

David Rice wrote in the book Geekonomics similar principles in a well
formed way.

The general over-abbreviated themes of Geekonomics were:
* software is the infrastructure of the current information age and
supports lives (medical software) but also significantly affects the
economic prosperity of many businesses.
* software defects are costing lives and mistakes/bugs are an economic
loss to the society overall (cost of applying patches, downtime etc).
* the way defective products are usually manipulated of the market are:
market forces, social forces, legal liability and regulation
* When consumers are unable to identify the quality of a product (e.g.
software and used cars), the only negotiable point is cost.
* Based on progress of software industry still selling a product and
then releasing bug fixes means the maintenance is on the consumer.
* The general conclusion from this is the market and social forces
aren't yet providing the necessary drivers for software developers to
deliver quality bug free software.

For the video inclined: http://vimeo.com/5202385

There are a number of suggestions of David Rice (who I saw works for
Apple now), that can be fairly dangerous towards software but the theme
of change the economic market to drive out poor quality software is the
goal.

The cybercrime report 2010 had a number of interesting recommendations
24-27 around software quality and I'd be interested to see what opinions
there are on the impacts of what has/has not been done in this area.

http://www.dbcde.gov.au/__data/assets/pdf_file/0005/131468/Government_Response_to_the_House_of_Representatives_Parliamentary_Committee_Report_on_Cyber_Crime.pdf

In the report itself:
"8.57
There has been a trade off in the market between security with speed,
interoperability and the desire to allow an openness that will foster
innovation. However, as ACS said, the downside is that:

The competitive nature of computing and the rush to market to
achieve first mover advantages appear to be driving a less
thorough testing of code, system and hardware vulnerabilities.
(ACS, Submission 38, p.10.)"

This is the market force that needs to be changed.

On writing style, you come across as too biased rather than portraying
an unbiased criticism of technologies you obviously disagree with.

The "other issues" inclusion is distracting and prevents you from
writing a clear coherent conclusion.

