[liberationtech] DecryptoCat

Reed Black reed at unsafeword.org
Mon Jul 8 09:31:03 PDT 2013


On Mon, Jul 8, 2013 at 4:34 AM, Maxim Kammerer <mk at dee.su> wrote:
> On Mon, Jul 8, 2013 at 4:34 AM, Tom Ritter <tom at ritter.vg> wrote:
>> As one of the people on this list who does paid security audits, I
>> both want to, and feel obligated to, weigh in on the topic.
>
> Thanks for your insight into code review process. Besides perhaps
> insinuating that Veracode didn't do their job properly, I don't see
> how it is in any way relevant to the Cryptocat incident discussed ITT.
> [...]
> There is absolutely nothing I can learn from this incident.

If it's all old review for you, I hope you will share even more
specific suggestions for others. CryptoCat has been a useful object
lesson, but already there is no shortage of threads for waggling the
finger of shame and personal criticisms. It helps that the discussion
goes to a more general discussion of review approaches and
precautions.

Tom's was the first message of the thread that was useful to forward
to my own project. Some specific suggestions are now tasks in our bug
tracker.


