NHS England's decision to remove its open-source software from the internet has sparked intense debate. The official reason is the fear that artificial intelligence models like Mythos could exploit the code to facilitate cyberattacks. However, critics from the healthcare and technology sectors believe this measure undermines transparency and hinders the collaborative improvement of the British public health system.
Obscuring the code does not shield the system
The security of software does not depend on its visibility, but on the robustness of its architecture and the frequency of its updates. Hiding the source code, known as security through obscurity, is a disputed strategy in computer engineering. A flawed design will remain vulnerable even if no one sees its inner workings. The open source community argues that public review allows bugs to be detected faster than an internal team could detect them, especially in an environment with limited resources like public healthcare.
The solution: hiding the keys under the digital doormat 🧹
It seems the NHS's security strategy is akin to patching a leak with duct tape and hoping the rain doesn't find out. If AI can hack the source code, perhaps the problem is not that it is visible, but that it is written with the sturdiness of a house of cards in an earthquake. Meanwhile, developers will have to ask for permission by certified mail to fix a bug. Innovative, no doubt.