NB: I am not speaking on behalf of my employer and this is my
personal opinion.
Banks in general do not use smart cards as they suffer from the same
issue as two factor non-transaction signing fobs - they are somewhat
trivial to trick users into giving up a credential. Connected keys
are
On 7/25/06, Dana Epp <[EMAIL PROTECTED]> wrote:
> But secure software is not a technology problem,
Yes it is.
> it's a business one.
> Focused on people.
This is part of the issue, not the whole issue.
> If smartcards were so great, why isn't every single computer in the
> world equipped with
David Crocker wrote:
> Crispin Cowan wrote on 21 July 2006 18:45:
>
>> Yes, you can have provably correct code. Cost is approximately $20,000 per line
>> of code. That is what the "procedures" required for correct code cost. Oh, and
>> they are kind of super-lin
But secure software is not a technology problem, it's a business one.
Focused on people.
If smartcards were so great, why isn't every single computer in the
world equipped with a reader? There will always be technology safeguards
we can put in place to mitigate particular problems. But technology
> Sorry, but it is a fact. Yes, you can have provably correct code. Cost
> is approximately $20,000 per line of code. That is what the "procedures"
> required for correct code cost. Oh, and they are kind of super-linear,
> so one program of 200 lines costs more than 2 programs of 100 lines.
Someon
David Crocker wrote:
> Crispin Cowan wrote on 21 July 2006 18:45:
>
>> Yes, you can have provably correct code. Cost is approximately $20,000 per
>> line
>> of code. That is what the "procedures" required for correct code cost. Oh,
>> and
>> they are kind of super-linear, so one program of 200
> As a result, really secure systems tend to require lots of user training
> and are a hassle to use because they require permission all the time.
No I disagree still. Consider a smart card. Far easier to use then the
silly bank logins that are available these days. Far easier then even
bothering
mikeiscool wrote:
> On 7/21/06, Florian Weimer <[EMAIL PROTECTED]> wrote:
>
>> Secure software costs more, requires more user training, and fails in
>> hard-to-understand patterns. If you really need it, you lose.
>>
> Really secure software should require _less_ user training, not more.
>