An associate of mine refered me to this article by David Coursey about the recent theft of source code from Cisco Systems. For someone who alledgedly understands the industry, he doesn’t seem to understand that programmers find it very difficult to write and update software without actually having access to that software. Coursey writes
As for securing Cisco itself, I won’t try to tell the company how to stop losing its source code. It just has to be done and if Cisco won’t do it, the government will eventually step in and impose its brand of secrecy in order to protect the Internet as a piece of our country’s—even the world’s-critical infrastructure.
He doesn’t know how to do it, but it “just has to be done” and if Cisco is too stupid to figure it out (as he admits he is), then the wise and prudent government will explain it. Yeah, that same government that can’t even do secure voting correctly.
The sad reality is that with the proliferation of CD-ROM burners and USB memory cards, walking out of work with proprietary data is easier than ever. The restrictions necessary to get even a modicum of security would destroy Cisco’s ability to develop its software. Just as a for instance, debugging would be a nightmare without basically full acccess to the system source code. And in today’s computing environment, if you have access you can copy it. What surprises me is that more copies haven’t leaked out, which speaks highly for how employees view Cisco.
It’s not just a problem with Cisco. If I had wanted a copy of the source code to Windows NT 3.5 or 4.0, I could have had it for the price of some blank CDs. One of the stronger arguments for open source is that anyone who thinks source code can be secured at a medium to large company is simply delusional. Coursey actually has a few non-stupid things to say about that, despite his appalling ignorance on this particular point.