On Sun, Aug 18, 2002 at 01:46:09AM -0400, dmolnar wrote:
|
|
| On Sat, 17 Aug 2002, John Kelsey wrote:
|
| Also, designing new crypto protocols, or analyzing old ones used in odd
| ways, is mostly useful for companies that are offering some new service on
| the net, or doing some wildly new
At 12:57 PM 8/16/02 -0400, Perry E. Metzger wrote:
...
I've seen very high rates of unemployment among people of all walks of
life in New York of late -- I know a lot of lawyers, systems
administrators, secretaries, advertising types, etc. who are out of
work or have been underemployed for a
At 04:21 AM 8/16/02 -0400, dmolnar wrote:
...
Don't forget schedule pressure, the overhead of bringing in a contractor
to do crypto protocol design, and the not-invented-here syndrome. I think
all of these contribute to keeping protocol design in-house, regardless of
the technical skill of the
On Fri, 16 Aug 2002, Adam Back wrote:
failure to realise this issue or perhaps just not caring, or lack of
financial incentives to care on the part of software developers.
Microsoft is really good at this one. The number of times they
re-used RC4 keys in different protocols is amazing!
Adam Back [EMAIL PROTECTED] writes:
Are there any more definitive security industry stats? Are applied
crypto people suffering higher rates of unemployment than general
application programmers? (From my statistically too small sample of
acquaintances it might appear so.)
Hard to say.
Hey, this is off-topic for DRM-punks! ;)
more seriously: I think the fundamental issue is that crypto doesn't
really solve many business problems, and it may solve fewer security
problems. See Bellovin's work on how many vulnerabilities would be
blocked by strong crypto. The buying public can't
Having devoted security personnel is a low priority at most companies.
General engineers will be tasked with figuring out how to incorporate
security and cryptography into products. I have visited many a company
where I am talking to a room full of very sharp engineers, but there is
a fundamental
