[Cryptography] Security clearances and FOSS encryption?
Jerry Leichter
leichter at lrw.com
Fri Jul 11 05:44:23 EDT 2014
On Jul 10, 2014, at 6:45 PM, John Denker <jsd at av8n.com> wrote:
>> To the extent clearances do what they're supposed to do [....]
>
> Lost me already.
>
> The problem is, the clearance system has never worked
> very well AFAICT, and I've never seen a plausible
> proposal for fixing it....
Beautiful analysis; thank you.
It reminds me of an experience I had many years ago. I interviewed a woman applying for a job as a developer. She had a number of years of experience working for a large military contractor, working on codes for missile control or something of that sort. I was curious - and asked - what they did to make sure that such code was correct; after all, dropping a nuclear-tipped missile on the wrong city because of a bug could really ruin your day. Her answer left me chilled: "Oh, we don't have to worry about bugs. All our developers have security clearances. We can trust them completely." (Or words to more or less that effect.)
-- Jerry
More information about the cryptography
mailing list