Last Wednesday I attended Professor Eben Moglen’s lecture in Edinburgh; he is presenting here for the second time in two years. Here are some notes.
Defining the problem: Software is everywhere; it’s in cars, hospitals, buildings, and all other sorts of devices. “There is software in the things that power people’s hearts”. There are no requirements on the type of software that goes into those devices. Software powers airplanes, and software fails. These software solutions sometimes fail because the software has been acquired from providers with indemnities, or has been acquired unlawfully. Providers are not required to disclose the provenance of a piece of software.
If software clashes within an airplane’s systems, it is difficult to determine how it was acquired, or what incompatibility may have caused the failure. We allocate more resources to areas that are less important than software-related activities, which may create some liability nightmares. Moglen said, “Liability nightmares may be good things for some people in the audience”. However, these are serious subjects where software security may be a matter of life and death, so why the lack of oversight?
Another example is the potential for issues with the software that powers financial markets. In financial markets there have been all sorts of strange goings-on with software, yet manufacturers are not able to declare the software’s provenance or its potential incompatibilities.
Linus’ Law: “with enough eyeballs all bugs become shallow”. This is one of the most important aspects that make free software secure. Peer review and peer examination of code produce more resilient software. We need civil society to stop failures of the kind that proprietary software may be causing. “We need inspectable and examinable materials in the building blocks of our architectures.”
Europe does not allow free software in medical devices. Violating the GPL is bad form for practical and moral reasons. There is controversy with regard to the security differences between Free Software and proprietary software, in the same way that there is controversy about the way that supposedly some people mistakenly press the accelerator when they want to press the brake.
Questions: A person asks why open licences are not more open to discussion; she clearly does not know the drafting process of the GPL v3.
My take: Professor Moglen was clear that this is a topic in its earliest stages of development, and it shows that it is a work in progress. I agree that free software is more secure, and that we should perhaps encourage it more in situations where lives matter.