[Cryptography] Security clearances and FOSS encryption?

Bill Cox waywardgeek at gmail.com
Tue Jul 8 13:38:58 EDT 2014


On Tue, Jul 8, 2014 at 12:27 PM, Rick Smith, Cryptosmith <me at cys.me> wrote:

> It should be clear by now from the conversation that holding a security
> clearance doesn't in general qualify or disqualify someone from working on
> FOSS.
>
> There are a lot of scenarios. A small number involve bad behavior by
> someone with a clearance, but we don't necessarily know if a person has a
> clearance. If someone intentionally subverts a FOSS project as their job
> representing an intelligence agency, then the agent isn't going to be
> bragging about security clearances. At least, a competent agent won't.
>
> In any case, it comes down to a single solution - assurance through
> multi-person control. Teamwork for system maintenance, teamwork for code
> review, teamwork for everything. Human error and incompetence are bigger
> risks, and we can reduce the risks with the same mechanism.
>
> Rick.
>

I agree with you.  Our CipherShed project is currently too small to worry
about this issue, so I am going to assume it's OK.  I'll post that to the
CipherShed PMC list.  Thanks for the well thought out replies!

Bill