Dirk Riehle's Industry and Research Publications

Interview on open source and security with DLF Kultur (in German)

I had a ten minute interview with the enjoyably competent Marcus Richter and Hagen Terschüren of DLF Kultur last week. It aired as part of the Breitband show on Saturday April 6th. Our topic was open source infrastructure, security challenges to it, and whether the state needs to step up. It is available as

XZ-Backdoor: Wie eine Sicherheitslücke fast das Internet zerstört hat

DLF Kultur Breitband Show 2024-04-06

The show is in German (local copy). Here are my key messages:

  1. Software supply chain attacks are happening all the time; we need to treat this as business as usual; there are plenty of unknown unknowns
  2. Closed source is not more secure than open source (there is no “security through obscurity” according to my security colleagues)
  3. The state needs to step up and support open source infrastructure that is not sexy enough to attract commercial funding

At the end, I made a short detour to a favorite topic of mine, which is to focus on business functions first, and capabilities (to support business functions) second. Unless you are a security company, making things secure is a capability, not a business function. If you make security its own department, you are making it one step removed from where it is needed, weakening the impact of your security work.

Subscribe!

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Navigation

Share the content

Share on LinkedIn

Share by email

Share on X (Twitter)

Share on WhatsApp

Featured startups

QDAcity makes collaborative qualitative data analysis fun and easy.

Featured projects

Open data, easy and social
Engineering intelligence unleashed
Open source in products, easy and safe