Re: Good security related article
From: J. Peter Mugaas (oma00215_at_mail.wvnet.edu)
Date: Fri, 14 May 2004 21:44:36 -0400
On Thu, 13 May 2004 21:06:48 +0200, "Henrick Hellström [StreamSec]" wrote:
> Functionality does not equal quality, and no amount of
> beta testing will ever reveal a security flaw. Too many products are
> merely "buzzword compliant"; they use secure cryptography, but they are
> not secure."
And the rub is that some of these products have to use some older protocols
and older encryption methods because they have to inter-operate with some
other software (some of that software is going to be difficult if not
impossible to replace or upgrade). For mass deployment (mass sales), you
have to support as much as you can and one-up the competition. I think
users will give lip service to security but I suspect that they really want
features (at least on the client side).
-- Support the anti-Spam amendment - Join at http://www.cauce.org/ J. Peter Mugaas, email@example.com on 11/29/2003 http://wvnvm.wvnet.edu/~oma00215/