[Info-vax] Should VSI create a security bug bounty program for VMS ?
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Thu Sep 1 13:08:50 EDT 2016
On 2016-09-01 16:47:32 +0000, Robert A. Brooks said:
> On 9/1/2016 12:19 PM, Stephen Hoffman wrote:
>
>> Good. There are opportunities for more than a little swamp-draining
>> available, certainly.
>
> Yeah, that exact phrasing was used during a discussion yesterday . . .
Ayup. I've always thought those laser microphones worked great, too.
But seriously, have a look at at macOS security for some idea of how to
try to tie some of the disparate pieces together, if VSI is headed
toward draining the deeper parts of the swamp. I don't expect VSI to
implement anywhere near all of that, but the ways that the encrypted
key stores and the APIs are implemented and how the pieces work
together is very reminiscent of old-time VAX/VMS design and
integration. The way the key bags work is particularly useful, as it
avoids needing to decrypt and re-encrypt the data.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list