US-Canadian body suspends certification of open-source encryption tool

Robert Brockway rbrockway-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
Mon Jul 24 19:49:52 UTC 2006


On Mon, 24 Jul 2006, Evan Leibovitch wrote:

> The suspension was in error, and the validation has since been un-revoked:
> http://oss-institute.org/index.php?option=content&task=view&id=166

The page suggests OpenSSL is now considered "not available" which means 
that those using it can continue to use it while new govt agencies cannot 
procure it.  This is consistent with the IT World Canada article and 
others.

What I find concerning is the focus on auditing code line by line. 
Government and business in general are doing a very poor job of keeping up 
with the basics of security[1].  They should sort out the basic stuff 
before worrying about auditing all the code they use.  Talk about ignoring 
the basic stuff to focus on the hard stuff.

For a lot of organisations:

- Physical security is poor
- Basic account management is not done (Eg, locking an a/c when a staff
   member leaves).
- Rsh use continues to be common
- Security patch management is patchy (sic)
- Oh the list goes on

Rob

-- 
Robert Brockway B.Sc.        Phone:          +1-905-821-2327
Senior Technical Consultant  Urgent Support: +1-416-669-3073
OpenTrend Solutions Ltd      Email:          support-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
                              Web:            www.opentrend.net
We are open 24x365 for technical support.  Call us in a crisis.

If you are emailing regarding an open ticket please consider
mentioning the ticket ID as this will assist us in responding
as quickly as possible.
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml





More information about the Legacy mailing list