[cryptography] Intel RNG

Jon Callas jon at callas.org
Tue Jun 19 02:14:35 EDT 2012

On Jun 18, 2012, at 9:03 PM, Matthew Green wrote:

> On Jun 18, 2012, at 4:21 PM, Jon Callas wrote:
>> Reviewers don't want a review published that shows they gave a pass on a crap system. Producing a crap product hurts business more than anything in the world. Reviews are products. If a professional organization gives a pass on something that turned out to be bad, it can (and has) destroyed the organization.
> I would really love to hear some examples from the security world. 
> I'm not being skeptical: I really would like to know if any professional security evaluation firm has suffered meaningful, lasting harm as a result of having approved a product that was later broken.
> I can think of several /counterexamples/, a few in particular from the satellite TV world. But not the reverse.
> Anyone?

The canonical example I was thinking of was Arthur Andersen, which doesn't meet your definition, I'm sure.

But we'll never get to requiring security reviews if we don't start off seeing them as desirable.

