[Cryptography] It's GnuTLS's turn: "Critical new bug in crypto library leaves Linux, apps open to drive-by attacks"

ianG iang at iang.org
Wed Jun 4 10:05:22 EDT 2014


On 3/06/2014 22:55 pm, Jerry Leichter wrote:
> On Jun 3, 2014, at 5:04 PM, Theodore Ts'o <tytso at mit.edu> wrote:
>> There's actually a bigger problem, which is users can't tell whether
>> or not a company has good security or not....  So from an economic signalling perspective, which makes more sense?  (a) investing extra money to improve the company's security ... , or (b) employing marketing specialists to make it _appear_ that your company has really good security....
> This is the "lemon market" problem that Ross Anderson refers to in the paper I sent a link to earlier today.


Well, yes and no.  Ted starts off from the premise of the market for
lemons (Akerlof) but he also walks a path on how such a market moves to
more like a Spence market, where the perception of the article becomes
the product and not the article itself.

I call the Spence space a market in silver bullets [0] although I might
arrive at it via a different path.

I will note that economics is difficult.  We may laugh and gawk at how
they mucked up recent times, but their work can be deep [1].  The
winning ideas can be picked up from Wikipedia easily enough, but if one
is going to build on the ideas then one is wise to read the actual
papers to get a real view of what people like Akerlof said and also
importantly, did not say.



iang



[0] quick read:
http://financialcryptography.com/mt/archives/000721.html
long read:
http://iang.org/papers/market_for_silver_bullets.html
has detailed snippets from the actual relevant primary literature, as
opposed to passing fruity comments around for lolz and credits.

[1] obCrypto is the Austrian literature which informs the cryptocurrency
world.  Or not, it's frequently and disastrously conflated with
libertarian literature, which isn't sound enough.

