I wasn't going to post the Twitter stream relating to this. You can look it up. Veracode was questioned and Chris responded rather quickly. Most were fine with Veracode's response.
**disclaimer - I have no affiliation with Veracode and have not used their services. I do know some members in their team though and have found them to be very competent operators.

On Saturday, September 7, 2013, Maxim Kammerer wrote:

> On Fri, Sep 6, 2013 at 8:03 AM, Tom O <[email protected]> wrote:
> > Posting a news article without context or response from Veracode is weak.
>
> That was just a reminder for a topic that has already been discussed
> on this list. My main intention was to provide an example (in the form
> of a post similar to yours) for Jonathan Wilkes' remark wrt. affected
> reputation.
>
> > Chris Wysopal stated the static crypto checks were run to check if the API's
> > were implemented correctly, not implementation of custom keygen.
>
> I am sure there are after-the-fact excuses. Since you didn't provide a
> reference, I assume that this specific excuse is not something worthy
> of attention. Veracode's report is here, if you are interested:
>
> https://blog.crypto.cat/wp-content/uploads/2013/02/Cryptocat_Attestation_Veracode_20130222_final.pdf
>
> Looking at the code is indeed not mentioned in the report, so it's all
> fine, I guess — just make sure something like that is in the next
> contract.
>
> --
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
> --
> Liberationtech is a public list whose archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> [email protected].
