[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"a skilled backdoor-writer can defeat skilled auditors"?



On Wed, Jun 04, 2014 at 03:06:43AM +0200, [email protected] wrote:
> Your proposal would cause 99% of software currently in use to be
> rejected

That seems like a feature...

(note that I don't think most software should be audited as security
critical.  We can reduce the Trusted Computing Base and audit only those
bits.)

> and make the development costs increase as astronomically as
> to be compared to medical research.

I like to compare our current situation to the Steam Age.  There was an
enormous amount of innovation in steam power, heating, etc in the 1800s.
There was a concomitant lack of standardized safety measures, and
occasionally boilers exploded taking entire apartment buildings with
them.

Over time the rate of innovation decreased, standardization set in,
safety measures were instituted, and now we have boring steam radiators
in apartment buildings rather than exciting steam-powered Difference
Engines in our pockets.

-andy