"a skilled backdoor-writer can defeat skilled auditors"?

[coderman]

On Tue, Jun 3, 2014 at 6:06 PM,  <tpb-crypto at laposte.net> wrote:
> ...
> Your proposal [building meaningful security in from the start] would cause 99% of software currently in use to be rejected and make the development costs increase as astronomically as to be compared to medical research.

1% making the cut is a far too generous estimate, perhaps 1% of 1%. as
for the cost issue, which must be paid somewhere,


you make two assumptions:

first, assuming the externalities of insecure systems are simply
non-exist-ant.  the costs of our pervasive vulnerability are
gargantuan, yet the complexity and cost of robust alternatives
instills paralysis. (this lack of significant progress in development
of secure systems feeds your defeatist observations; it's ok ;)

second, that the schedules and styles of development as we currently
practice it will always be.  if you solved a core (commodity) infosec
problem once, very well, in a way that could be widely adopted, you
would only need to implement it once! (then spending five years and
ten fold cost building to last becomes reasonable)


for now, it appears stasis and external costs are the status quo.  the
future, if here at all, is clearly not yet widely distributed...


best regards,