by sigmar 3687 days ago
Oh. Now I'm reading davideous' comment much differently. But the title of the blog post (i.e. "vs") makes it seem like they aren't making it open source so that the hardware is secure.

Yes, pritambaral described what I'm trying to point out.

I think the "vs" in the title is saying this: they had to choose between open source (that is functional, meaning you can really use the code and re-flash the device) and the secure hardware. It was a trade-off of one "vs" the other, and this is their reasoning behind that trade-off.

Open source doesn't necessarily mean that you can put it on the device. I'm sure a lot of Yubico's critics would be happy with seeing the code even if it can't be flashed.
Yes, it would technically meet the Open Source Initiative's definition (https://opensource.org/osd), but if there was no way to re-flash the device, no way to verify the binary on the device, or possibly even no way to build a binary (which may require proprietary tools under NDA from the chip manufacturer) -- I think a lot of critics would still be critics, but I could be wrong.

If Yubico did this it would be very interesting to see the reaction.

It would allow a third party to discover a vulnerability similar to the one in the Neo just by reading the code.
The general issue is that when all hardware has software in it, in the end it has to be open source. Going even further: the distinction between hardware, firmware, and software is logically irrelevant in terms of trust.