Open Source Security and The Kerchoff´s Principle

Introduction This lecture was given by Dr. David Mirza Ahmad, one of Subgraph 's chief instructors. Subgraph is an open source security startup based in Montreal. The conversation was based on the principle of Kerchoff. And it says, "The security of any encryption system will not be kept secret, which must be able to pass to the enemy's hand without difficulty." [1] The principle of kerchoff emphasizes the fact that free software should have quite good security. The encryption technology is a black box, and you do not know what is happening inside of it, so the encryption world understands this fact very well.

Like Richard Stallman (RMS), back in the 80's and 90's, Eric. Raymond (ESR) and Linus Torvalds study the idea of ​​free software and open source software (confirmation of the difference between free software and open source software), understand the operating system and legal framework software created at that time did. It is a very good idea to recognize that the concept of free and open source software is dead because the computing environment and legal framework they have created has disappeared. The most important thing now is a new supporter who understands the cloud economy, current legal framework, technologies such as block chains and smart contracts, and suggests a new modern alternative to replace FOSS.

By using open source frameworks and components, organizations can share the security benefits of the widely reviewed code and the usefulness of the code with features provided by many users of many organizations. Open source software creates a collaborative ecosystem centered on key tools and building blocks that make the entire software ecosystem even more powerful. By using open source software, the team avoids reworking the rings, avoiding vendor lock-in, benefiting from others' experience, and reducing the total cost and time of software creation. In addition, the technical team can fix the error immediately without waiting for the vendor's priority or release plan.

Open source software means that users can obtain software and have free access to the source code. Today, more and more technology companies are developing open source software. Black Duck Software, an open source software (OSS) solution provider, helped maximize value by minimizing the risk of open source software and announced the results of the 10 th open source survey in 2016 . According to the survey, 78% of the companies surveyed performed some or all of them on the OSS, 66% said their company is creating software for open source based customers. That is the best use of open source software so far

Software business model, examples, revenue flow, and characteristics of products, services, platforms