Professor Karola Marky is heading the Digital Sovereignty Lab at Ruhr University Bochum. She is also a member of the CASA Cluster of Excellence.

© RUB, Kramer

Point of view: Breaking Away from the Secrecy of Source Code

According to computer scientist Karola Marky, whether government software in Germany is secure or not is currently down to luck. She calls for more open source solutions so that the good guys, too, can go bug hunting.

If we want to be able to vote online in Germany one day, we will need software with freely available source code. In Germany, people often perceive such open source solutions as insecure. They worry that attackers could find and exploit security gaps in the open source code. This is not true.

Many IT security experts also inspect such open source solutions and identify security gaps that can then be closed. An example from Switzerland shows how well this can work. There, the software for online elections was investigated in 2019 due to issues with software development. The Swiss bought the code from the company, published it and launched a bug bounty hunting program: Whoever detected errors in the software would be rewarded with large sums of money. Since 2023, e-voting has been resumed in Switzerland for certain groups of people in certain locations with upgraded software.

In some places, most public systems are open source. The same should be applied in Germany. This would help us to ensure that standards for software development are adhered to – and that software is both user-friendly and secure. At the moment, the processes for creating new software are a game of chance. Unfortunately, the result is often insecure software. The problem is that IT security is not as important as it should be in the minds of many decision-makers, or that trust in the software is imposed from the top down. Politicians often say things like “Such systems have never been attacked” or “We make secure systems”. However, without the code and sufficient transparency, there is no proof that this is indeed the case.

In Germany, we have a great deal of expertise in software development. There are competent companies, organizations such as the Chaos Computer Club and researchers. So far, however, expert knowledge has often been confined to specialist journals. If we want to have a secure digital democracy, we must all work hand in hand and involve the experts more effectively.

Published: Friday, 28 February 2025, 9:04 am

By Professor Karola Marky

Translated by Donata Zuber