The need for third party review of security

From: charlie strauss <cems_at_earthlink_dot_net>
Date: Thu Apr 19 2007 - 10:18:37 CDT

The other day I posted a mention of the Secustick which was a thumb drive touted as being secure which turned out not to be. Bruce Schneier a noted writer on security matters riffs on that subject today and winds up pointing out that the market for lemons in security products occurs because of the indistinguishability of marketing claims, true from false. We all saw that in the rush to market of DRE systems without proper attention but plenty of claims about voting secrecy, robustness, audit-ability, and transparency. He says this can be avoided by a trusted and independent third party review organization.

This adds to the case for OVC or a subsidiary to review and approve designs. Of course we had the ITA but that was not independent or open.
OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Mon Apr 30 23:17:08 2007

This archive was generated by hypermail 2.1.8 : Mon Apr 30 2007 - 23:17:16 CDT