> For example, I have spent the past five years descending into the
> bowels of security and I can really tell you all one thing, you can't
> develop a security product that will work on your own. You really want
> to use an existing architecture and engineering work....even then, you
> will have to hire a top flight security engineering team to review your
> integration work...If you don't think so, you haven't been paying
> attention to all those bright folks at Netscape and Microsoft, who added
> a little security architecture to the web, hired some of the top five
> security experts outside of the military to supervise it, and then spent
> years getting spanked in public over implementation flaws. And this was
> on a browser/web server system which is orders of magnitude less
> functional than any medical patient oriented requirements I know of.
I am one of the three authors of "molly", a nice data management package (distributed,
secure) for "escort services" in Europe. I wrote it more than a decade ago, and
it still remains uncracked & unviolated (withstood several court cases) despite wide
usage in "the profession". These girls work under similar pressure as we in the
medical profession, and security / confidentiality issues are even higher. The only
thing that is not up to scratch in this package is the old-fashioned text-based user
interface, but otherwise it fulfills all my demands: secure & slim & fast &
absolutely reliable ... It CAN be done.
Horst