[Cryptography] Security clearances and FOSS encryption?

Brian Gladman brg at gladman.plus.com
Fri Jul 11 13:34:03 EDT 2014


On 11/07/2014 10:44, Jerry Leichter wrote:

> It reminds me of an experience I had many years ago.  I interviewed a woman applying for a job as a developer.  She had a number of years of experience working for a large military contractor, working on codes for missile control or something of that sort.  I was curious - and asked - what they did to make sure that such code was correct; after all, dropping a nuclear-tipped missile on the wrong city because of a bug could really ruin your day.  Her answer left me chilled:  "Oh, we don't have to worry about bugs.  All our developers have security clearances.  We can trust them completely."  (Or words to more or less that effect.)

It's a nice story, Jerry, but I very much doubt that it was a true
reflection of the situation (I assume this is a US anecdote).

Prior to retiring from the UK Ministry of Defence (in the mid 1990s), I
was the Chief Scientist for the Ordnance Board, the UK body that manages
the safety of weapons systems deployed by the UK Armed Forces (it has a
history going back to the 1400s).

We took the safety and integrity of computing and software in weapons
fusing, arming and release very, very seriously and my contacts with my
US counterparts suggest to me that they were no less diligent in such
matters.

In fact, one of the biggest issues we faced was that of ensuring that
advances in the formal analysis of security critical systems would be
available for use in the analysis of safety critical systems in a
situation where some of the 'players' would have much preferred to keep
these techniques under wraps.

   Brian


