Re:Does "open" include the ability to spoof caller (Score 2, Informative)

I understand your fears, but really this is ye old security by obscurity argument plus PBX's are not main exchanges.

A home/smb PBX still has to connect to a main secure backbone exchange and as far as I remember they should validate your allocated range of callerID numbers or simply only allow a single switchboard callerID to be sent out. ISP's and Telecom's companies like cut deals and flog "authorized/validated/authenticate" hardware, but really that is more about signals strengths and kick backs than a secure box. User premises equipment must be assumed to be inherently hackable - end of story. The server/exchange side interface (ie. trusted telephone exchange) is where hacks are supposed to be caught.

Sure in theory you could spoof the exact callerID within your range, but you can argue any 3rd party home PBX system could be capable of that. At least if the source is open, there is more change of reviewing whether it is definitively possible or not, before or after an incident. With closed systems, you are completely trusting the vendor and even with court action it would be hard if not impossible to get access to their source to prove it either way.

What your home/smb does with its local PBX side is its own biz and you have to trust that yourself, just as you had to blindly trust some 3rd party PBX manufacturer of the past.