[Cryptography] VCAT report on NIST's process review

[Dave Horsfall]

On Wed, 16 Jul 2014, Peter Gutmann wrote:

> It's the ISO 9000 of security measures, keep doing what we've always 
> done but now there's a Documented Procedure in the Quality Manual for 
> it.

I actually did an ISO-9000 course.  Waste of time.  As you hinted, your 
goal could be to make the worst product of all time, and provided that it 
was documented thus (and you strived to make it thus), you too could be 
ISO certified.

-- Dave