technical: open source
Open Source as Insurance
by Brent Kirkpatrick
(Date Published: 05/04/2017. Revised: 05/21/2018.)
Hacking and computer security challenges are often beyond the ability of one programmer to fix. Recall that program verification is undecidable. Again, we need a community of effort to address security challenges. The shared source and shared development model of open source allows the whole community to work on re-securing the OS after major security challenges. This is a sort of insurance.
Insurance is a scheme of shared liability for unpredictable, costly events. Every customer pays in to insurance against the future possibility that they may need a large pay-out (typically larger than the sum of their contributions). Open source can be viewed as pseudo-insurance scheme. Every individual programmer pays in a tiny fraction of the total code base.
A major security challenge, like a worm, is a shared costly event. Several developers may contribute to finding, analyzing and repairing the crucial vulnerabilities. This is how the open source model spreads the time and cost of creating security patches over the community.
defendIT (TM). AI-driven incident response measures derived from security incident data.