From American Needs More Techno-Optimism, a conversation between Marc Andreessen and Tyler Cowen.
Tyler: Why is open-source AI in particular important for national security?
Marc: Yeah. So, for a whole bunch of reasons. So, one is, it is really hard to do security without open source. And so there actually used to be…there’s actually two schools of thought on kind of information security, computer security broadly that have played out over the last 50 years. There was one school of security that says, “You wanna basically hide the source code.” And you wanna hide the source code precisely. And this seems intuitive because presumably you wanna hide the source code so that, you know, bad guys can’t find the flaws in it, right? And presumably that would be the safe way to do things.
And then over the course of the last 30 or 40 years, basically, what’s evolved is the realization, you know, in the field, and I think very broadly, that actually that’s a mistake. In the software field we call that “security through obscurity,” right? It’s sort of, we hide the code, people can’t exploit it. The problem with it, of course, is, okay, but that means the flaws are still in there, right? And so if anybody actually gets to the code, they just basically have a complete index of all the problems. And there’s a whole bunch of ways for people to get to code. They hack in and…
You know, it’s actually very easy to steal software code from a company. You hire the janitorial staff to stick a USB stick into a machine at 3 in the morning. So, like, you know, software companies are, like, very easily penetrated. And so it turned out security through obscurity was a very bad way to do it. The much more secure way to do it is actually open source. Basically, put the code in public and then basically, build the code in such a way that when it runs, it doesn’t matter whether somebody has access to the code, it’s still fully secure. And then you just have a lot more eyes on the code to discover the problems. And so in general, open source has turned out to be much more secure. And so I would start there. If we want secure systems, I think this is what we have to do.
No comments:
Post a Comment