Stanford Prof On
Black Box Secrecy
11-3-4

"Why am I always being asked to prove these systems aren't secure? The burden of proof ought to be on the vendor.

You ask them about the hardware. "Secret."

The software? "Secret."

What's the cryptography?
"Can't tell you because that'll compromise the secrecy of the machines."

Federal testing procedures? "Secret"

Results of the tests? "Secret"

Basically, we are required to have blind faith."

- Dr. David L. Dill
Professor, Computer Sciences
Stanford University