dakimov | 12 years ago

My condolences to you. Now your product has become a target of mockery.

Also I love cats and feel sorry that the name of those lovely animals is used in a discredited entity.

The problem is that your product did not have just a security vulnerability, but had a number of blatantly unprofessional mistakes showing off ignorance and carelessness of its authors.

This is the worst that can happen to an author of open source and especially security software.

I hope at least you, the poor cat's devs, realize what has happened.

magikarp|12 years ago

I feel this is something that many a [insert security software in which critical bug was recently found here] has gone through. We've been following full disclosure principles and fixing bugs as they come for the past couple of years. It's really unfortunate that the comments tend to be so dismissive and personal — a quick look at our codebase or blog shows a serious and professional effort. That said, we definitely mess up.

Pyramids|12 years ago

While I admire the effort and overall mission, the problem is that when an application promotes 'secure communications', there are people who actually may use it as such.

Mistakes are understandable; however, I think in-depth code review and auditing in any environment involving cryptography is an absolute must. Potentially, people's lives could be jeopardized (either legally or physically) if they believed their communications were secure, when in fact they were not.

aortega|12 years ago

>I feel this is something that many a [insert security software in which critical bug was recently found here] has gone through.

No, not really. Not this kind...

Alright I quit.