>> For security critical things (everything from HSM's to barbie dolls >> nowadays), we want a small core-team of developers and a large >> audience (something in the order of magnitude of at least 100) of >> people who can audit it. > > You need to distinguish though between "can audit" and "will audit". > If you want to create the presumption of auditability then by all > means use some sort of open format. However, if existing practice is > anything to go by, no-one will ever audit the code.
this tragedy is played out again and again > it'll never get audited unless you pay a third party to do it and we can barely afford to get the puppy out the door as it is. we are managing to get seriuos rng tests run by outside parties, more news in a bit. and someone volunteered to qa the rng verilog, but has yet to come through (and after i sent them my novena!). clue on how to increase audit desperately solicited. the ewd quote "Testing shows the presence, not the absence of bugs," comes to mind. > It just doesn't seem like a good idea to constrain the developers into > using inferior tools in order to accommodate an event that will almost > certainly never happen. actually, my read of philipp's message was a bit different. "Philipp Gühring" <[email protected]> wrote: > So my suggestion for Open Hardware projects is to have the designers > try to use KiCad or other OpenSource design software, if possible. > And if that isn´t possible due to limitations in the tools or the > designers being unwilling to use different software, try to find a way > to convert the design files to opensource-useable fileformats. (If you > need help with that, I might be able to help) i took that as if kicad does not have what we need to get the puppy out the door the engineers should use what they need to get it out but try hard to see that there is a reader for the design format and, if we can, convert to kicad or whatever later and he even hinted that he might have path(s) to the last item. but then i am a bit of an optimist. randy _______________________________________________ Tech mailing list [email protected] https://lists.cryptech.is/listinfo/tech
