565

Firefox is on the brink of being dropped by the US Government (www.brycewray.com)

submitted 1 year ago by morrowind@lemmy.ml to c/technology@lemmy.world

246 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] starbreaker@kbin.social 85 points 1 year ago

Here are a few names you can blame in addition to the USWDS:

Deloitte
Accenture
Ernst & Young
KPMG
PwC

The four corporations other Accenture constitute the US' "Big 4 accounting firms", and they get a shitload of money from local, state, and the Federal government to develop software for them at taxpayer expense -- and none of this publicly-funded code is FOSS.

[-] netchami@sh.itjust.works 51 points 1 year ago

The Free Software Foundation Europe has an awesome initiative called Public Money Public Code where they try to convince lawmakers to use as much open source software as possible when using public funds. I really hope they succeed.

[+] Kolanaki@yiffit.net -44 points 1 year ago

What about security? If it's open source, anyone can poke around in the code and find vulnerabilities to exploit way easier.

[-] Chronographs@lemmy.zip 50 points 1 year ago

Security through obscurity doesn’t, work the vulnerabilities are still there. Also if the vulnerabilities are visible they’re also easier to close.

[-] NAK@lemmy.world 32 points 1 year ago

Tell me you have never worked in IT security without telling me you never worked in IT security.

To give you an actual answer, instead of pure Internet snark, the concept you're proposing is called "security through obscurity" if you want to research it.

The TL:DR of it is it doesn't work. If it did, all software would be proprietary and things like viruses wouldn't exist. The source code for Windows isn't available, but Windows gets exploited constantly.

[-] tabular@lemmy.world 23 points 1 year ago

More eyeballs are from people wanting those flaws fixed that wanting to exploit them.

Proprietary source code has much fewer eyeballs, none of which you can verify belong to competent or trustworthy people.

[-] Revan343@lemmy.ca 21 points 1 year ago

If it's open source, anyone can poke around in the code and find vulnerabilities to ~~exploit way easier~~ patch

FTFY. Open source software is more secure than closed source, not less

[-] lud@lemm.ee 9 points 1 year ago

No, you can't really make blanket statements like that at all.

Open source doesn't compromise security on its own and closed source is the same.

Open source might be more secure but that's only if people actually audit it properly and some closed source codes are audited more closely than some open source code.

[-] netchami@sh.itjust.works 11 points 1 year ago

Is this a serious question?

This is the exact same ridiculous argument that proprietary software corporations make. It never made any sense, security through obscurity will never work. Linux is open-source used on ~80% of all web servers, in your logic these servers would all be vulnerable. It just doesn't make any sense. Linux is also used in many embedded devices and Android is based on the Linux kernel. But Android (which is also entirely open source) has one of the best security models out there.

[-] cm0002@lemmy.world 8 points 1 year ago

That's the same bullshit line politicians and corporations use, it's simply not true

[-] sudneo@lemmy.world 5 points 1 year ago

Vulnerabilities can and are usually found without code inspection. Fuzzing, reverse engineering, etc. At the same time, it is easier to find vulnerabilities having the code to check, but it is easier also for those who want to have them patched. That's why we have tons of CVEs in Windows, iOS etc., and they don't all come from the vendor... Depending on the ratio of eyeballs looking at something to fix and the ones looking at something to exploit, open source can be more secure compared to closed source.

[-] FangedWyvern42@lemmy.world 3 points 1 year ago

Lol

[-] acockworkorange@mander.xyz 0 points 1 year ago

And 100% of it is dog shit. I have seen custom products from Accenture, Deloitte, and E&Y, and they were passable prototypes at best.

[-] theneverfox@pawb.social 2 points 1 year ago

Accenture doesn't make shit. They bring in expensive ass consultants with 25 years of experience (on paper), then they sell something basically off the shelf. What's left of the budget goes to a subcontractor, who now has to glue the already purchased pieces together with spit and gum, now on a very tight timeline before the funding runs out and your tiny company gets the blame

Haven't worked directly with the others, but the Accenture story was the same everywhere

this post was submitted on 05 Dec 2023

565 points (89.7% liked)

Technology

59983 readers

2154 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago

MODERATORS