[Cryptography] It's GnuTLS's turn: "Critical new bug in crypto library leaves Linux, apps open to drive-by attacks"
Jerry Leichter
leichter at lrw.com
Tue Jun 3 17:55:51 EDT 2014
On Jun 3, 2014, at 5:04 PM, Theodore Ts'o <tytso at mit.edu> wrote:
> There's actually a bigger problem, which is users can't tell whether
> or not a company has good security or not.... So from a economic signalling perspective, which makes more sense? (a) investing extra money to improve the company's security ... , or (b) employing marketing specialists to make it _appear_ that your company has really good security....
This is the "lemon market" problem that Ross Anderson refers to in the paper I sent a link to earlier today.
-- Jerry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140603/ad5aa95e/attachment.bin>
More information about the cryptography
mailing list