> Recommendation 1: NSA could provide open source reference implementations of cryptographic and other security-sensitive code.
This would negatively impact the market of folks who sell cryptographic implementations. I'm not sure the government should be doing that kind of thing. The government, through NIST, already certifies implementations of cryptographic algorithms and allows the marketplace to decide which product is superior.
> Recommendation 3: NSA could provide a training program for American software and IT professionals on security best practices. For bonus points, the cost of this program could be tax-deductible.
There are plenty of training programs that talk about security, some of which may already be tax deductible. (I am not an accountant, but I believe job related training is tax deductible.) CERT's Secure C Coding class and several SANS courses come to mind. Again, why should the government compete in these markets?
This would negatively impact the market of folks who sell cryptographic implementations. I'm not sure the government should be doing that kind of thing. The government, through NIST, already certifies implementations of cryptographic algorithms and allows the marketplace to decide which product is superior.
> Recommendation 3: NSA could provide a training program for American software and IT professionals on security best practices. For bonus points, the cost of this program could be tax-deductible.
There are plenty of training programs that talk about security, some of which may already be tax deductible. (I am not an accountant, but I believe job related training is tax deductible.) CERT's Secure C Coding class and several SANS courses come to mind. Again, why should the government compete in these markets?