US-Canadian body suspends certification of open-source encryption tool
Robert Brockway
rbrockway-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
Mon Jul 24 19:49:52 UTC 2006
On Mon, 24 Jul 2006, Evan Leibovitch wrote:
> The suspension was in error, and the validation has since been un-revoked:
> http://oss-institute.org/index.php?option=content&task=view&id=166
The page suggests OpenSSL is now considered "not available" which means
that those using it can continue to use it while new govt agencies cannot
procure it. This is consistent with the IT World Canada article and
others.
What I find concerning is the focus on auditing code line by line.
Government and business in general are doing a very poor job of keeping up
with the basics of security[1]. They should sort out the basic stuff
before worrying about auditing all the code they use. Talk about ignoring
the basic stuff to focus on the hard stuff.
For a lot of organisations:
- Physical security is poor
- Basic account management is not done (Eg, locking an a/c when a staff
member leaves).
- Rsh use continues to be common
- Security patch management is patchy (sic)
- Oh the list goes on
Rob
--
Robert Brockway B.Sc. Phone: +1-905-821-2327
Senior Technical Consultant Urgent Support: +1-416-669-3073
OpenTrend Solutions Ltd Email: support-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
Web: www.opentrend.net
We are open 24x365 for technical support. Call us in a crisis.
If you are emailing regarding an open ticket please consider
mentioning the ticket ID as this will assist us in responding
as quickly as possible.
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list