[Cryptography] best practices considered bad term
Kent Borg
kentborg at borg.org
Mon Feb 2 20:02:56 EST 2015
On 02/02/2015 07:05 PM, Arnold Reinhold wrote:
> But what is the alternative to best practice recommendations for
> cybersecurity? Telling every business to hire a consultant?
Admit we are in a wild-west era--say so--tell businesses that there are
no magic bullets, they need to be cautious, worried, and skeptical
buyers. Give is a few decades (!) and things will maybe calm down some.
> Leaving the field to marketing departments with breathless claims of
> 5000-bit security or trade magazine articles written by writer who
> know little about the subject?
Promote open source software: cheaper, less need to be
buzzword-compliant, more hope of being well implemented.
Maybe lobby the US government to understand that the US is arguably the
most cyber-dependent economy, that more secure computer systems are a
net gain for the US; that they should quit promoting and cherishing
vulnerabilities.
There are some standards being developed, for example regarding credit
card systems, they will continue to evolve as money continues to be
lost, so stagnation is less a problem there.
But we have had a major revolution in high tech and con men will come to
these new fertile fields. We are in for some bumpy years here, no matter
what we say, so let's be honest about that to warn people. Council
caution, maybe not computerize and network everything as fast as
possible. (Online voting? No! Paper is great stuff.)
-kb, the Kent who drives an extremely manual car, because he know about
computers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150202/1485677a/attachment.html>
More information about the cryptography
mailing list