Why not leave it to the private sector?



Among other reasons, because the private sector sucks at it.


The latest SHA3 was determined in a competition amongst private-sector contestants, won by Keccak. Schneier himself put up a candidate - Skein.

Edit: Then there's TrustedBSD (as opposed to SELinux)


SHA3 was a contest run by NIST, known to its friends by its other name, NSA.


Have you seen what passes for security, even in tech companies that sell primarily security?


Actual quote from the CTO of a company that makes some security-related software (it's a major selling point) for a specific sector. They probably have over a hundred million people using this stuff day-to-day, indirectly, and hundreds of direct, large customers. A security bypass can easily cost hundreds of thousands a month.

I had found a backdoor in their platform, so I asked if they had such basic holes, how they managed to write a large C-based app securely. Like, buffer overflows, for example.

CTO/head of development replied: "Buffer overflows? Probably not an issue, unless the network is really fast." Cringe.
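An added example, not part of the original comment or of the software it describes, to make the technical point behind the anecdote concrete: whether a fixed-size buffer overflows is decided by the length an attacker puts on the wire, not by how fast the bytes arrive. The length-prefixed wire format, the 16-byte record buffer and the sample packets are all constructed for this example; the unsafe parser is the classic pattern and the hardened one shows the two checks it is missing.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed wire format: one length byte, then that many payload bytes.
   The attacker controls both. REC_MAX is the fixed on-stack record buffer
   the application copies into. */
#define REC_MAX 16

/* Vulnerable pattern: trusts the length byte from the wire. A single packet
   with pkt[0] == 200 writes 184 bytes past rec, whether it arrives over a
   10 Gbit link or a 300 baud modem. Kept here only for comparison; never
   call it with an untrusted packet. */
int parse_record_unsafe(const uint8_t *pkt, size_t pkt_len, uint8_t *rec)
{
    if (pkt_len < 1)
        return -1;
    size_t claimed = pkt[0];
    memcpy(rec, pkt + 1, claimed);   /* no bound on claimed: stack overflow */
    return (int)claimed;
}

/* Hardened parse: refuses records whose claimed length exceeds either the
   destination buffer (overflow) or the bytes actually received (over-read).
   Returns the record length on success, -1 on rejection. */
int parse_record(const uint8_t *pkt, size_t pkt_len, uint8_t *rec, size_t rec_sz)
{
    if (pkt == NULL || rec == NULL || pkt_len < 1)
        return -1;
    size_t claimed = pkt[0];
    if (claimed > rec_sz)            /* would write past rec */
        return -1;
    if (claimed > pkt_len - 1)       /* would read past the received bytes */
        return -1;
    memcpy(rec, pkt + 1, claimed);
    return (int)claimed;
}

/* Wrapper over a fixed REC_MAX buffer, as the application would use it. */
int parse_into_fixed(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t rec[REC_MAX];
    return parse_record(pkt, pkt_len, rec, sizeof rec);
}

/* Constructed sample packets. */
const uint8_t sample_ok[]        = {4, 'a', 'b', 'c', 'd'};
const uint8_t sample_full[]      = {16, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
const uint8_t sample_oversized[] = {200, 'x', 'x', 'x'};   /* claims 200 bytes: overflow */
const uint8_t sample_truncated[] = {8, 'a', 'b'};          /* claims more than received */

int main(void)
{
    uint8_t rec[REC_MAX];
    printf("unsafe, benign input: %d\n", parse_record_unsafe(sample_ok, sizeof sample_ok, rec));
    printf("ok:        %d\n", parse_into_fixed(sample_ok, sizeof sample_ok));
    printf("full:      %d\n", parse_into_fixed(sample_full, sizeof sample_full));
    printf("oversized: %d\n", parse_into_fixed(sample_oversized, sizeof sample_oversized));
    printf("truncated: %d\n", parse_into_fixed(sample_truncated, sizeof sample_truncated));
    return 0;
}
```

The second check in parse_record matters as much as the first: a packet that claims 8 bytes but carries 2 would otherwise copy 6 bytes of whatever sits after the receive buffer into the record, an information leak rather than a crash.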