Yes, developers who use security APIs are generally uninformed. This is exacerbated by their managers who want software systems "finished and shipped yesterday". So when you're implementing a secure system where millions of dollars are entrusted to your system's security, hire an expert security developer who knows what they're doing, and give them the time and resources to do it correctly.
This is nothing new, and has been known by expert security developers for a long time. It only takes one hole/flaw to expose the whole system to a threat. Most developers aren't up to the task of getting every detail correct. But businesses seem to go on and develop critical security applications on a lowest-cost basis anyway. Too bad for the stupid managers who refuse to see the reality that good security takes time.

From: [email protected] [mailto:[email protected]] On Behalf Of toorandom
Sent: Monday, October 22, 2012 2:56 PM
To: [email protected]
Subject: Interesting article about mitm attack to ssl

What do you think?

https://twitter.com/toorandom/status/260418048035549185
