by JackC
4454 days ago
> Crypto is complicated and very hard to do well. Hell, any complex software is hard to do well. There will always, always be bugs.

There will always be bugs, sure, but differences in the engineering approach can result in orders-of-magnitude differences in the frequency of bugs. For example, see "Some thoughts on security after ten years of qmail 1.0," where the qmail author explained why he thought qmail had a dramatically different security track record than sendmail: http://cr.yp.to/qmail/qmailsec-20071101.pdf

The kind of things he's talking about can't just happen on the level of "more people submitting patches" and "more financial contributions." You need a top-down approach that's designed to produce secure code.