[liberationtech] DecryptoCat

Reed Black reed at
Mon Jul 8 09:31:03 PDT 2013

On Mon, Jul 8, 2013 at 4:34 AM, Maxim Kammerer <mk at> wrote:
> On Mon, Jul 8, 2013 at 4:34 AM, Tom Ritter <tom at> wrote:
>> As one of the people on this list who does paid security audits, I
>> both want to, and feel obligated to, weigh in on the topic.
> Thanks for your insight into code review process. Besides perhaps
> insinuating that Veracode didn't do their job properly, I don't see
> how it is in any way relevant to the Cryptocat incident discussed ITT.
> [...]
> There is absolutely nothing I can learn from this incident.

If it's all old review for you, I hope you will share even more
specific suggestions for others. CryptoCat has been a useful object
lesson, but already there is no shortage of threads for waggling the
finger of shame and personal criticisms. It helps that the discussion
goes to a more general discussion of review approaches and

Tom's was the first message of the thread that was useful to forward
to my own project. Some specific suggestions are now tasks in our bug
