Re: Sequoia told

From: Joseph Lorenzo Hall <joehall_at_gmail_dot_com>
Date: Thu Feb 22 2007 - 16:58:57 CST

On 2/22/07, charlie strauss <> wrote:
> It makes one wonder why.
> I can think of six possible reasons.
> 1) it's so unprofessionally written that not only would it be an embarsssment but that currently the only assurance they have it is reasonably secure is due to obscurity (we know this turned out to be true in the case of deibold's leaked code which hardcoded passwords and used floats for vote counts.).

My money is on 1), although I would state it simply as: "Their code
was not written with disclosure in mind." If they intend to comply,
they might request some time before they can disclose (and there will
have to be a certification involved... and they're on the selling
block, too). It might not be worth it to them to do this right now
given this environment... when they can sell their systems elsewhere
in the short-term and not disclose. best, Joe

Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
OVC-discuss mailing list
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Wed Feb 28 23:17:23 2007

This archive was generated by hypermail 2.1.8 : Wed Feb 28 2007 - 23:17:27 CST