[Cryptography] Other obvious issues being ignored?
Ray Dillinger
bear at sonic.net
Thu Oct 22 02:25:18 EDT 2015
On 10/21/2015 08:29 PM, Peter Gutmann wrote:
>
> Do you
> really want someone who has to constantly refer to a Checklist of Boneheaded
> Security Mistakes to be writing your crypto code? If you walked into a
> hospital for surgery and your surgeon started flipping through "Introduction
> to Open-heart Surgery for Dummies", would you feel comfortable going under the
> knife?

Do you really want to go up on an airplane with a pilot and crew who
have to check things off on a safety checklist with stupid crap like
making sure the landing gear works and the cabin pressure is good?
Even, you know, as a reminder that it's worth checking?

Aviation checklists do not mean that the people who use them are
incompetent. Neither do software development checklists.

But as I said, I have to make a compelling case as to why something
that may seem boneheaded is being included, so I need a story
illustrating its reality and the value of asking it, to go with
every darn question.

Bear