In my personal life I write software for the manufacturing industry. Professionally, I am an engineer, and write code for computer-operated equipment (lathes and mills, commonly known as CNC machines).
For a sense of scale, let me say that most CNC programs are under 250 lines of code. In addition to controlling the cutting tools, the programs will check for operator input mistakes: tools can only be adjusted within a narrow range; anything outside that range and the machine won't run. Did the operator slow it down to check something and forget to turn it back to 100%? Machine won't run. And so on. Idiot-proofing, dimensional checks and feedback, torque monitoring, etc.
Before we even let the customer see their new machine, we have already run the machine for 8 hours of hands-off auto cycling of the program. We have also run each cutting tool through enough parts to ensure the cutting conditions are optimal. Then for the customer we run an additional hands-off production run of 8 hours or 35 pieces (whichever is greater) and then do a 100% inspection of every feature out to 5 decimal places, followed by some statistical analysis to measure capability. Once the customer is happy, we ship the machine and repeat this on their floor. Then we spend a few days going over the statistical analysis, then a week of training for their operators. Only then is it ready for producing parts that make sure your car door latches with 18lbs of force rather than 19lbs.
Oh, yeah... we provide the computer code to the customer as well, every line commented for clarity.
Doesn't it seem like voting software, which likely is thousands of lines of code, should be made open-source and go through some sort of approval process before being used for real? Isn't this software vetted or tested or examined at all?
Edit: I should clarify... I am not claiming that voting software and CNC programs are similar in architecture, language, layout, complexity, or structure. My point is, if a fairly simple g-code program and its performance is vetted so thoroughly by the end user, at multiple points in its development and prove out, then why in the hell isn't the software that determines how my vote is recorded given the same level of scrutiny? I didn't realize my example was too convoluted for so many snowflakes.
buckhorn (edited)
You are correct that it's easier to discover existing exploits with access to the source. However, this is a double-edged fact that cuts both ways...
Closed source can slow those with malicious intent but not stop them. If the payoff of a successful hack is high enough, people will undertake the effort. Some might just do it for the intrinsic motivation of solving a puzzle or the lulz. It only takes one person with secret knowledge of a zero-day exploit to do a lot of damage. A group with the resources of a state-level actor arguably wouldn't even be slowed down by closed source.
On the other hand, closed source, backed by the threat of legal prosecution, is too high of a barrier to entry for honest people that would otherwise pitch in reviewing and improving the code. E.g., some might be curious. Some might be students assigned to read the code as an example of good design. Some might want to understand how to adapt it for use in their chess-club elections. Some might be paid security researchers working for McAfee or Norton who will earn publicity if they write up a blog post detailing their 'responsible disclosure' and recommendations about how to make the code safer. Open source makes it much easier and therefore much more likely that these kinds of people will notice and report exploitable flaws so that exploitation can be prevented.
The alternative is to hope that the few blessed/trusted souls with access to the source will consider every minute detail in every possible context/scenario against every possible creative/novel attack. Sometimes, a few big brains are no match for thousands or millions of brains, especially when the crowd has even bigger brains among its numbers. You also have to trust that the high priests haven't been tempted to intentionally leave backdoors that they can exploit for themselves or those who've bribed or threatened them.
I already mentioned it but the quip is, "many eyes make all bugs shallow". This includes security bugs.