| Abstract: | It was clearly bad news for Cisco itself when a portion of its IOS software surfaced for a few days in May on a Russian website. But it was difficult to obtain a consensus within the security industry over the potential threat posed by the breach to the Internet as a whole or to the countless private IP networks. Given that IOS drives most of the world's routers that direct traffic both through the Internet and private networks, theft of some of its source code clearly gives hackers the potential to exploit vulnerabilities that would be hard to identify otherwise. Naturally the Open Source community pounced on the issue, as they did earlier in the year when some Microsoft Windows source code was stolen, with the argument that any system relying on secrecy for security is fundamentally flawed and by definition insecure. Kerckhoff's law that “a system should be designed to be secure if everything is known about it except the key information” was trotted out as an argument that closed source software such as IOS and Windows would soon be extinct, ushering in the golden age of open source. |
