I recently learned that my company prefers closed-source tools for privacy and security.

I don’t know whether the person who said that was just confused, but I am trying to come up with reasons to opt for closed-source for privacy.

  • wizardbeard@lemmy.dbzer0.com · 4 days ago (edited)

    In my experience the “privacy and security” argument is a smokescreen.

    The real reason is that it makes someone else responsible for zero-days occurring, for the security of the tool, and for fixing security problems in the tool’s code. With open source tools the responsibility shifts to your cybersecurity team to at least audit the code.

    I don’t know about your workplace, but there’s no one qualified for that at my workplace.


    A good analogy: If you build your house yourself, you’re responsible for it meeting local building codes. If you pay someone else to build it, you can still have the same problems, but it’s the builder’s responsibility.

    • jim3692@discuss.online (OP) · 4 days ago

      That smokescreen argument makes a lot of sense. Both the company and our clients tend to opt for ready, out-of-the-box proprietary solutions instead of taking responsibility for the maintenance.

      It doesn’t matter how bad or limiting that proprietary option is. As long as it somewhat fits our scenario and requires less code, it’s fine.

      • Ulrich@feddit.org · 3 days ago

        > That smokescreen argument makes a lot of sense.

        I don’t think it does. Remember the Crowdstrike blunder? Remember how many people blamed Windows?

        People don’t know or care who is managing your security.

      • 0x0@programming.dev · 4 days ago

        > instead of taking responsibility

        This is why: they prefer to shift the blame in case it hits the fan. That’s all, that’s it.
        They don’t care about code quality, maintainability or whatever.