[liberationtech] DecryptoCat
Michael Rogers
michael at briarproject.org
Tue Jul 9 01:39:21 PDT 2013
On 08/07/13 20:35, Maxim Kammerer wrote:
> Writing secure software is relatively easy, and does not rely much
> on abstraction layers or whatever OOP ideology is popular at the
> moment. You just document each function's input/output, test it
> somehow, and check input/output requirements when calling any other
> function. The simpler, the better, it's not difficult.

This is contradicted by a mountain of evidence. The great majority of
developers clearly don't find it easy to write secure software. If
they did, we wouldn't see a constant stream of security patches for
new and old software alike. Google and Mozilla wouldn't have to run
competitions to find holes in their own browsers. There wouldn't be a
multi-million-dollar 0day black market. It wouldn't be possible for
the NSA (according to Snowden) to "simply own" the computer of any
person of interest.

Writing secure software is much, much harder than simply writing
comments, writing tests and coding defensively. You might as well say
that good government consists of wearing a suit, talking about laws,
and remembering not to have wars or recessions.

Cheers,
Michael