[Cryptography] "Is FIPS 140-2 Actively harmful to software?"

Tom Mitchell mitch at niftyegg.com
Wed Jun 25 19:48:36 EDT 2014


On Fri, Jun 20, 2014 at 1:32 PM, Salz, Rich <rsalz at akamai.com> wrote:

> > I don't think there's any good proof that FIPS certification is indeed
> better than nothing.
>
> There is only one that I have found: paying customers require it.
>

Yes, this is true, and if engineering management plays nice there are
many positive cultural side effects.

A well managed and tightly controlled trusted computing base establishes a
manageable code base and a foundation for groups to build on. Code in the
trusted code base might differ in known ways from the main line product, but
any change needs to be reviewed and tested by the trusted code base team.

Code fixes to the trusted base can be offered to a customer with full
disclosure that they are leaving the trusted computing base, and with the
correct set of NDAs in place can be disclosed sufficiently to let the
customer decide. Consider the recent ssh bugs... these can be fixed,
packaged and offered.

The latency of certification makes it obvious to savvy customers that they
will have to depart from the certified base in measured ways.

Sure, it is a check-box for doing business, but in many cases it is not deployed.

It does take a handful of dedicated, well managed engineers working
relentlessly, as well as a plan for the long term.   Cowboys need not apply.....

-- 
  T o m    M i t c h e l l