[Cryptography] The World’s Email Encryption Software Relies on One Guy, Who is Going Broke
John Levine
johnl at iecc.com
Fri Feb 6 10:59:51 EST 2015
>> ProPublica is running a story about Werner Koch, ....

>He should be good now, with a promised $100,000 a year from Facebook and Stripe:

At least until he steps off the curb and is hit by a bus. No matter
how great a programmer he is, he's still only one guy. We certainly
don't want our crypto software written by hordes of junior
programmers, but I'd be a lot more comfortable if there were two or
three people who were familiar with the code and could intelligently
review each other's work. That costs a lot more than $100K/yr, not
impossibly more, but at least three times more.

Heartbleed is a good example of the problem -- someone looked at the
code when it went into openssl, but even though it's open source,
there is a serious shortage of eyes of people who understand the code
well enough to catch bugs on the way in.

R's,
John