Talk:Caroline

From CSEP590TU

[JSpaith:] Recall your advice to us, Caroline, assuming the policy makers aren't so bright. Well I'm not that bright and I don't know what shibboleth means. Maybe best to leave it out of the 2nd sentence unless this is common public policy speak.

Santtu 11:27, 30 Nov 2004 (PST) Having looked up the word, I like it, but I would have had no idea what it means without looking it up.


The first sentence of the paper, though not technically a double-negative, kind of had that feel to it. "do not make secure ... do not demand it". I had to think about it a bit, so maybe you could reword slightly.

I'm nitpicking here :) - your intro was I think the best of the 5.

In "For the software ratings to be meaningful, Larry..." - you're supposed to use his last name, aren't you?


--Santtu 11:27, 30 Nov 2004 (PST) Being a bit picky: I don't think the latest version of Office comes with the "Paper Clip", at least it isn't on my default.

"First, the lab’s experts could study the plan, or specification, for the software, to see if security features, such as encryption and access control, have been included in the software." -- Including these features is not enough; they need to be used correctly. In the first pages of "Secrets and Lies" Bruce Schneier rants about how wrong he was in thinking that his Applied Cryptography book (very mathematically oriented with algorithms, etc.) would solve security issues. Instead there are lots of programs that use algorithms or protocols described in Applied Cryptography (i.e. security is "included") but are insecure because the algorithms and protocols are implemented or used incorrectly.