XML co-founder Tim Bray: Beware of spies in your software

Governments are a key offender, he stresses, advising use of HTTPS and OpenPGP to block software-based security threats

Developers must address the serious issue of software-based threats, which leave users vulnerable to intruders, particularly governments, XML co-founder Tim Bray said Wednesday.

During his brief presentation at the O'Reilly Open Source Convention (OSCON) in Portland, Ore., Bray -- formerly of Google and Sun Microsystems -- emphasized that threat reduction needs to be a priority, particularly in the era of Edward Snowden, who last year revealed spying efforts by the National Security Agency. "The organizations causing us the most concerns these days of course are our own governments," scooping up information and keeping it, said Bray. He dismissed the notion that people with nothing to hide have nothing to worry about when it comes to electronic-based spying.

Bray's remarks come right after a researcher claimed Apple's iOS mobile devices have undocumented services for use by the government and Apple itself to collect users' personal information. But Apple has issued a statement denying the existence of any backdoor services for government agencies, according to published reports.

Governments are not the only concern, Bray noted. He cited a website that sells stolen user accounts at moderate prices. "[There are] people out there trying to steal your users' accounts and do bad things to them." Bray stressed developers need to leverage the HTTPS protocol, providing for secure network communications.

Learning the OpenPGP email encryption standard also is a good idea, Bray said. "Let's get out there and take good care of our users," said Bray. While some computer-based threats require political solutions, there are steps engineers can and should take without asking anybody's permission, he said.

This article, "XML co-founder Tim Bray: Beware of spies in your software," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.

Copyright © 2014 IDG Communications, Inc.

How to choose a low-code development platform