[Ach] Bug/Ba in OpenSSL
iang at iang.org
Tue Jan 7 21:10:08 CET 2014
On 7/01/14 13:25 PM, Aaron Zauner wrote:
> ianG wrote:
> > I'm curious -- where is BSAFE used? As far as I was aware, it was
> > mostly shipped to USG. Is it in general shipping with in any user field?
> > You mention “high security” proprietary windows and java applications
> > ... but are those things we should be worried about if we don't use
> > them? Any clue as to which they are?
> As far as I know it's used in a lot of commercial windows software,
> although I cannot name any particulars. If you google a bit you'll be
> able to find enough.
> > I need a pithy statement for this.
> Whats a pithy statement? :)
That's a pithy statement!
Pith in english is the white stuff in the peel in a citrus fruit :)
A pithy comment is one that is short, concise, on point and often
ironically or amusingly so. So, it is easy to remember, and might
become an aphorism.
I've found that when explaining tough concepts, having some pithy phrase
there to encapsulate it works better than rheems of blog posts and
arguments: "There is only one mode, and it is secure." People might
not agree with it, but they get the essential thrust, and as it comes up
again and again, they remember, and consider and rethink...
As another possibility: it often makes for fun reading if you can put a
quote into every heading. It takes a while to fill them all up, but
it's worth it for readability.
Any good quotes spring to mind?
More information about the Ach