Does releasing the sourcecode make a system more secure?

[Sly]

http://frontline.ph/stories/1755/2009/08/25/comelec-source-code-key-to-clean-polls.html

As you can tell from the article, it's the first time that a computerized election system is going to be used in my country (We still tally the votes on a blackboard), so i'm not sure how this kind of system to vote for the next president works.

Apparently, they're gonna make the source code for the software they will use open to the public. Is this really normal?

 

[eloj]

It ought to be normal. We know for sure that the code typically sucks and can be exploited. See http://www.blackboxvoting.org/

Of course just dumping the code in the open doesn't magically make the machines better, but it does make them easier to analyse and in the long term, more secure.

 

[jeremyshaw]

I remeber a documentary showing vote fraud.

The thing was busted when somebody discovered the source code by accident.

 

[Keiichi]

1. This is the wrong forum
2. No, it doesn't

 

[Brak710]

It would only make it better if the people who found a bug/exploit reported it, if not, you're just feeding people information to make Zero-Day type exploits.

 

[blarg]

The short answer is it depends.

If the source code is just being made public and private developers maintain it without caring much about input from the community it's just opening up exploits.

If the developers actively let the community participate in making the software better then it will eliminate a lot of problems. The open source model is proven and trusted all over the world. If there is an interested user community they will help make the software better.

Take my message with a grain of salt, I'm a Linux / Open Source enthusiast, but I have seen enough Windows security problems in my life to say that the Open source way isn't perfect but it's better than sitting around waiting for someone else to fix problems you can fix.

 

[Xipher]

I think every thing has been covered but in agreement with many people here publishing the code doesn't change the code. Only if they get eyes on it and people putting out the patches to help the project that it can make a difference.