Let’s say I create a bank with the caveat that all of my banking phone apps and webapps are FOSS (or if they depend on non-free components — banks probably do to communicate with each other — then just OSS). Am I going to be behind the competition by doing this?

If the most secure crypto algorithms are the ones that are public, can we ensure the security of a bank’s apps by publicizing it?

Are they not doing this because they secretly collect a lot of data (on top of your payment history because of the centralized nature of card payments) through these apps?

EDIT: Clarifying question: Is there a technical reason they don’t publicize their code or is it just purely corporate greed and nothing else?

  • Victor Villas@beehaw.org
    1 year ago

    Am I going to be behind the competition by doing this?

    Yes, because you are due a lot more diligence with open source, and that will slow down your releases.

    If the most secure crypto algorithms are the ones that are public, can we ensure the security of a bank’s apps by publicizing it?

    You trade security by obscurity for security by expert oversight. I’m not a lawyer or banking auditor, but I’d say while zero-days are problematic for open source software projects, they can be life-ending for banks.

    Is there a technical reason they don’t publicize their code or is it just purely corporate greed and nothing else?

    This is a false dichotomy. Financial reasons to not publicize the code are technical reasons. Finance is technical.