Flaws in OpenSSL FIPS Object Module
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Dec 4 03:53:52 EST 2007
Paul Hoffman <paul.hoffman at vpnc.org> writes:
>At 9:58 AM -0500 12/3/07, Perry E. Metzger wrote:
>>I don't know if people have been following this, but it is interesting
>>from the point of view of studying how the FIPS process does (or does
>>not) interact with the underlying goal of producing assured systems.
>
>Another interesting part is that open-source systems are much more
>susceptible to being attacked by competitors (that is, having their
>validation suspended) than are closed-source systems.
That's a good problem statement for the dark side of "many eyes make bugs
shallow".
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list