On Shifting “Windows” and “Security” from Less Antonymous to More Synonymous
(Page 4)
Users deserve assurance; security should come packaged with it. The trust of the user is pivotal. “Publish source code,” professes Phil. “Don't trust crypto products that don't.” In Practical Cryptography, we're conditioned to look at cryptography as a mechanism for minimizing trust. Limit who you trust and the extent to which you trust them. When users are left with developers offering the shallow reassurance of, “Trust me – it's secure,” there's really no incentive for trusting. Shift the trust from requiring the user to trust the word of the developer, to the user simply trusting the cryptography. Open the source. Analyze it mercilessly. Document it thoroughly. Present it impeccably. A 4-man San Diego band once rocked, “It's in the suit that you wear.” Competent precision is a carrier of assurance, so show users that you've got a clue as to what you're doing. Let them rest easy; let them rest assured.
You're going to have to maintain that trust too. Phil makes this very clear when he says, “Earn the trust of the users. Once you shoulder that burden, you can never put it down.” The fruit of maintaining it is two-fold; you preserve the user's assurance and you preserve your reputation as a source of secure software or hardware. Losing both is sometimes irrecoverable, and will, without a doubt, be difficult to pry off your name. I'm talkin' leech-with-a-vengeance difficult. A 5-man Calabasas collective once melodized, “Did you ever meet a leech who was good at goodbyes?” To the developers: If security (i.e., in the form of privacy) is a dividend to you, you'll probably pay no nevermind to this, but if it's a natural right of humanity you're protecting, you'll probably concur.
Alright, so I've spent over 1500 words on the kind of attitude Microsoft should have, and now I'll spend around the same on why I'm optimistic about Microsoft's potential for exhibiting this attitude and rendering what is poised to be a piece of cryptography that should be taken seriously. I'm ready. How 'bout y'all? Right this way.
<
1
2
3
4
5
6
7
8
>
