April 18, 2011
thawte: strange security recommendations
Got mail from Thawte (company is their customer) with the following recommendations:
--
Our NEW, in-depth white paper, "Securing Your Private Keys as Best Practice for Code Signing Certificates," shows how to make your organization too difficult for cyber-criminals to target. Learn how to:
• Minimize access to source code
• Formalize processes with test and release signing
• Deploy a test root certificate and server
• Use cryptographic hardware devices
--
I always thought that open-sourcing and thorough testing make a system much more resistant to security attacks. I have not yet read the document, but this annotation sounds somewhat strange.