There’s the “executive” level of this stupidity where an app replaces their md5 ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

koolba on Jan 2, 2021 | parent | context | favorite | on: CVE Stuffing

There’s the “executive” level of this stupidity where an app replaces their md5 OpenSSL calls with their own internal copy pasta of the function.

“Look ma! We’re FIPS compliant now!”

whydoyoucare on Jan 6, 2021 [–]

Unfortunately, that happens because most regulations try to enforce a black-and-white rulebook, which is easy on the auditors but extremely difficult on those being audited.

I now thinks most compliance regulations are by auditors for auditors... :-D :-D

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact