Yubico: Secure hardware vs. open source

Post Syndicated from corbet original http://lwn.net/Articles/687676/rss

Yubico has posted a blog entry defending the company’s decision to switch
to closed-source code in the YubiKey 4 product. “If you have to pick only
one, is it more important to have the source code available for review or
to have a product that includes serious countermeasures for attacks against
the integrity of your keys?”

See also: Konstantin Ryabitsev’s response to this posting. “When it comes
to any hardware, we must at some point trust the manufacturer — unless we
have very large budgets that would allow us to fully monitor every step of
the manufacturing process. In the absence of such large budgets, we must
base our trust on the company’s prior record and their willingness to work
with the community to show that their hands are clean and their intentions
are pure. Putting out a blackbox proprietary device after all the good will
you have built up with NEOs sends the exact opposite message.”