[Cryptography] Security clearances and FOSS encryption?

Jerry Leichter leichter at lrw.com
Fri Jul 11 05:44:23 EDT 2014


On Jul 10, 2014, at 6:45 PM, John Denker <jsd at av8n.com> wrote:
>> To the extent clearances do what they're supposed to do [....]
> 
> Lost me already.
> 
> The problem is, the clearance system has never worked 
> very well AFAICT, and I've never seen a plausible
> proposal for fixing it....
Beautiful analysis; thank you.

It reminds me of an experience I had many years ago.  I interviewed a woman applying for a job as a developer.  She had a number of years of experience working for a large military contractor, working on codes for missile control or something of that sort.  I was curious - and asked - what they did to make sure that such code was correct; after all, dropping a nuclear-tipped missile on the wrong city because of a bug could really ruin your day.  Her answer left me chilled:  "Oh, we don't have to worry about bugs.  All our developers have security clearances.  We can trust them completely."  (Or words to more or less that effect.)
                                                        -- Jerry




More information about the cryptography mailing list