So open sourcing Tor, which protects our foreign operatives, was a bad idea? Implementing secure sockets for the web (TLS) was a bad idea? Publishing security vulnerabilities publicly (CVE system) was a bad idea?
All of those help our adversaries, but our adversaries also have an incentive to improve the code so everyone benefits.
Sure, there are probably some things that shouldn’t be released (i.e. something w/ a legitimate national security concern), but by and large, most things should. Tax software absolutely should, because there’s zero reason for the software you use to file your taxes (which is a legal requirement) to not be publicly auditable, because you’re on the hook for any mistakes it makes.
So open sourcing Tor, which protects our foreign operatives, was a bad idea? Implementing secure sockets for the web (TLS) was a bad idea? Publishing security vulnerabilities publicly (CVE system) was a bad idea?
All of those help our adversaries, but our adversaries also have an incentive to improve the code so everyone benefits.
Sure, there are probably some things that shouldn’t be released (i.e. something w/ a legitimate national security concern), but by and large, most things should. Tax software absolutely should, because there’s zero reason for the software you use to file your taxes (which is a legal requirement) to not be publicly auditable, because you’re on the hook for any mistakes it makes.