"a skilled backdoor-writer can defeat skilled auditors"?
tpb-crypto at laposte.net
Thu Jun 5 12:42:51 PDT 2014
> Message of 04/06/14 05:40
> From: "coderman"
>
> On Tue, Jun 3, 2014 at 6:06 PM, wrote:
> > ...
> > Your proposal [building meaningful security in from the start] would cause 99% of software currently in use to be rejected and make the development costs increase as astronomically as to be compared to medical research.
>
> 1% making the cut is a far too generous estimate, perhaps 1% of 1%. as
> for the cost issue, which must be paid somewhere,
>
>
> you make two assumptions:
>
> first, assuming the externalities of insecure systems are simply
> non-exist-ant. the costs of our pervasive vulnerability are
> gargantuan, yet the complexity and cost of robust alternatives
> instills paralysis. (this lack of significant progress in development
> of secure systems feeds your defeatist observations; it's ok ;)
>
I kind of feel like an ant looking at the task of moving a mountain.

> second, that the schedules and styles of development as we currently
> practice it will always be. if you solved a core (commodity) infosec
> problem once, very well, in a way that could be widely adopted, you
> would only need to implement it once! (then spending five years and
> ten fold cost building to last becomes reasonable)
>
Yah no, we never know when a problem is really solved. We may consider it solved, then someone comes and breaks it for us. Not even formal proofs stand forever.