Steven Furlong wrote:
> Now, I think your general point is right, that it would be somewhat
> difficult for a subverted programmer to insert deliberately broken
> crypto, and a very bet to expect it to stay in for any length of time.
^---
> However, if the privacy software companies operate anything like the
> companies I've worked for or consulted at, it could well happen.

Duh, that's supposed to be "very bad bet".

Also, I should note that an ISO-900x shop will have procedures that
should be followed for all aspects of development. The procedures aren't
a cure-all, but they do make surreptitious bad behavior much less
likely. Alas, not many software shops have ISO-900x certification.
--
Steve Furlong, Computer Condottiere Have GNU, will travel
518-374-4720 [EMAIL PROTECTED]