Let's talk about the source code
Why Experts Want The Government To Release The Source Code Of Its Tracing App
By Sarah Basford, Gizmodo
"To turn [a source code] into an app for your phone, it gets translated into a language the phone understands — 'machine code'. Machine code is much harder for humans to read and understand than source code, in the same way a message written in Morse code is harder for most people to read than if it were written in English," Professor Richard Buckland, a cybercrime expert at UNSW, said to Gizmodo Australia.
Plenty of closed-source apps and programs have been hacked thanks to reverse engineering, Professor Buckland added, so not releasing the source code doesn't really make an app any safer.
"It's important to realise that you don't need to be given the source code to be able to work out what it is. There are many tools to help moderately talented programmers take the app from their phone and 'reverse engineer' it to work out the source code from the app's machine code," Professor Buckland said.
"Not handing out the source code just makes it a bit more of a bother for people to examine the code for weaknesses but it doesn't actually stop anyone determined, such as bad guys. [Not releasing the source code] would likely turn the thousands of friendly eyes helping you into just tens."
"Hiding the code and legislating to keep it hidden will just hide the existence of problems from the public eye, until inevitable catastrophic failure occurs," Professor Buckland said, adding that the problems could then later be found by the 'bad guys'.