[Cryptography] Security clearances and FOSS encryption?

Mrten mrten+cryptography at ii.nl
Mon Jul 14 06:24:43 EDT 2014


On 12-07-2014 12:59:46, Jerry Leichter wrote:
> On Jul 11, 2014, at 1:34 PM, Brian Gladman <brg at gladman.plus.com> wrote:

>>> It reminds me of an experience I had many years ago.  I interviewed a
>>> woman applying for a job as a developer.  She had a number of years of
>>> experience working for a large military contractor, working on codes
>>> for missile control or something of that sort.  I was curious - and
>>> asked - what they did to make sure that such code was correct; after
>>> all, dropping a nuclear-tipped missile on the wrong city because of a
>>> bug could really ruin your day.  Her answer left me chilled:  "Oh, we
>>> don't have to worry about bugs.  All our developers have security
>>> clearances.  We can trust them completely."  (Or words to more or less
>>> that effect.)
>> 
>> It's a nice story, Jerry, but I very much doubt that it was a true 
>> reflection of the situation (I assume this is a US anecdote).

> It was, indeed, in the US.
> 
>> Prior to retiring from the UK Ministry of Defence ... I was the Chief
>> Scientist for ... the UK body that manages the safety of weapons systems
>> deployed by the UK Armed Forces....  We took the safety and integrity of
>> computing and software in weapons... very, very seriously and my contacts
>> with my US counterparts suggest to me that they were no less diligent in
>> such matters.

> I have no way of knowing how true this person's statements actually were,
> and if true, how broadly such attitudes were held and at what levels of the
> organization.  The fact is, one person who had worked in this field came
> away with this understanding of how to produce reliable software.  It was
> *that* that I found chilling.

This seems to be a perfect example of a miscommunication, depending on the
actual wording of the question of course:

One person thinks "software errors" when he hears "bugs", and the other person
thinks "listening device".

Looking back, could that have been the case?

M.

