Regarding the Heartbleed bug, SSL and TLS vendors used to require code security reviews before CAs would accept certificate requests from that implementation. My firm Consensus Development was the only one offering these reviews, largely because other security firms were scared of liability issues. Over 50% of the products failed in less than 8 hours of review, typically for very stupid mistakes. The CAs stopped asking us for reviews because it was slowing down sales of certificates.
A blog on social software, collaboration, trust, security, privacy, and internet tools by Christopher Allen.
Over my lifetime I have encountered a number of “tools for ignition” — a phrase which I use to describe innovative products that have empowered people and created movements. On the 25th anniversary of Hypercard’s introduction, I want to take a look back at some of these tools. BASIC (1976) In 1976 I encountered my first tool for ignition: Bill Gates's MicroSoft BASIC running on the IMSAI 8080. There was no ROM on this computer, so you had to load a boot program using the front panel switches you see above.
I've been working on an ambitious list of topics that I'd like to cover over the next year. I offer them to you here so you can have some idea of the areas that I am thinking about. Office Architecture for Innovation -- Over the years I've built or converted three offices to my specifications. From this I have learned a number of things about how to create a productive environment for innovation-oriented businesses.
I believe that as we evolve social software to better serve our needs and the needs of the groups that we are involved in, we need to figure out how to apply an understanding of how human groups behave and work. One useful concept I use I call "Progressive Trust". The basic idea is to model how trust works in the real world, between real people, rather than solely relying on mathematical or cryptographic trust.
As I head out next week to the RSA Conference I realized that it has been 13 years since I attended the first one. I remember fondly the potential and power of cryptography technology in 1991 -- public keys, digital certificates, new possibilities for privacy, digital cash, etc. After 8 more years I left the computer security industry on March 15, 1999. The computer security industry also seemed to be filled with as much potential as it did back in 1991.