Quote:
Originally Posted by mike_g
It's not an invalid argument. You suggested that they hire a coder to write a new encryption and authentication protocol. It would indicate that it would probably be closed source and insufficiently tested, and anyway why invent something new when there are plenty of well tested protocols that exist. Even Microsoft use open source encryption and authentication.
Just because it's closed source does not mean it doesn't implement a well tested algorithm, just that the company won't make it easier on potential hackers by telling them which algorithm. That's why I more or less disregard the opinion of anyone that claims you have to make your security open source to be sure it's secure.
Quote:
You really have to take things to extremes don't you :p
You are the one suggesting you don't hire people for complex projects because they might drop dead at any moment.
Quote:
Death is unlikely, but possible.
It's also possible that a meteor will crush your entire company, or that a solar flare will wipe out your bank account. I can see now that the nitpicking result is probably what has happened to you before.
Quote:
A more probable scenario may be that the coder ends up working for someone else, and is simply too busy to fix the problems or maybe even just can't be bothered.
Then you either downsized them, ........ed them off, underpaid them, or some other management related issue. If you have someone that has critical knowledge that your company depends upon, you don't just get rid of them, that's stupid and a waste of human capital.
Quote:
Disagreements happen, and it doesn't necessarily mean that anyone involved is emotionally unstable.
Disagreements that can only be resolved by the termination of current and future business relations DO NOT 'JUST HAPPEN'. Someone let their ego get in front of their intellect.
Quote:
Again, you are taking a reasonable statement and turning it into a drama. Which is a sign of emotional instability in itself.
Ad hominem, I win.
Quote:
There is another issue with hiring one person to be the sole creator of your company's encryption/authentication, which is one of integrity. What's stopping him/her from adding their own holes to subvert the system? It would certainly be a temptation. If the authentication is compromised, you may never find out - or at least until it's too late.
What's stopping them? Oh, if 5 to life and restriction from ever using a computer again for tampering with a computer system isn't enough then I don't suppose anything is stopping them. This isn't particular to security though, any programmer could add back doors to any piece of code. If you aren't doing a thorough review of the code then that is the real problem, not the potential for abuse. If you can't understand the code then I guess we are back to your argument about 'don't hire smart people'.