Every one to two years seems fine to me as "consumer". Maybe with emergency updates in-between when critical issues appear?

Ideally the website would announce that the document is regularly updated.

frank


On 11/10/18 22:05, Susan E. Sons wrote:
There are some corners of the guide that are out of date, but I haven't
yet found a better resource to point operators to if they aren't
familiar with these security concerns.

I'm constantly coming across problems caused by even the software
developers' "best practice" recommendations being completely wrong.  For
example, several major CMSes advise that all executable parts of the CMS
be writable by the web server!  Well-meaning admins follow these best
practices guides not knowing that they are making their installations
insecure by doing so.

If there were an effort to update the existing material, however, I
could probably chip in a small amount of effort from my staff at the
Center for Applied Cybersecurity Research to assist with those updates.
A new version every year or two may be the best we can do.

Susan

On 10/11/2018 01:14 PM, Frank Thommen wrote:
Hello,

Recently someone asked if this (bettercrypto?) project is dead.  My
impression is that it is at least extremely passive.  Not being a
security and network protocol expert I nevertheless think that the
"Applied Crypto Hardening" paper of 2016
(https://bettercrypto.org/static/applied-crypto-hardening.pdf) is
probably very, very outdated and maybe even dangerous to rely on.

Questions:

   a) Is there some kind of successor project/paper with up to date
      copy-paste recommendations for good security settings as they
      were published in this paper (which was fantastic at the time)?

   b) could/should the paper of 2016 not better be removed from the
      website?


Cheers
frank
_______________________________________________
Ach mailing list
[email protected]
https://lists.cert.at/cgi-bin/mailman/listinfo/ach

