Sunday 29 March 2015

Clarity

In the last few weeks I've been sharing the SecureODF idea with a wide range of people, and sometimes the questions you get are really valuable in highlighting how others see the problem and solution.

The biggest issues that needed clarifying are:

  • SecureODF is not about encryption and making documents unreadable to those who shouldn't read them. There are excellent and easy solutions to this - including encrypting documents, or putting documents behind doors which need the right credentials to access them

  • SecureODF is about preventing documents from carrying unwanted malware or triggering undesirable behaviour in your technology (document editor/reader application, operating system, network).

And really importantly:

  • SecureODF is about being able to receive documents from UNTRUSTED sources who may or may not have inserted malware into the documents. This is different from the scenario where you trust a source but the documents are corrupted in trasit between your trusted friend and yourself - that scenario is already easily addressed through the use of cryptographic hashes and certificates to verify the document you received is as it was sent.

Thursday 11 December 2014

Bruce Schnier on ODF & Security

Way back in 2005 Bruce Schnier did a post on ODF and security, comparing it to closed binary formats.

https://www.schneier.com/blog/archives/2005/12/opendocument_fo.html

The comments are still relevant, for example, features vs safety balance.

Sunday 23 November 2014

Submitted to KickStarter

Finally submitted the proposal to Kickstart for review.

The preview is here, with updated video, text, Q&A and logo.

https://www.kickstarter.com/projects/849734365/942335070?token=49dbb743

The video is on youtube too:


Friday 21 November 2014

Kickstarter

I've not had much luck exploring the various official funding sources for cyber security - which is puzzling given how much priority is given to cyber.

So I'm going to try social crowd funding through kickstarter.




Have a look at the preview proposal - I'd appreciate you submitting feedback. The words need to be refined and a video produced - should be fun!

Maybe the wisdom of crowds is greater than official bureaucracy?

Sunday 2 November 2014

Problem, Strategy, Profile Document Online

The document which describes the problem, solution strategy, and secure profile will be developed in full view online at:


Link will always be visible in the Links panel on the top right of this blog.

Feel free to provide ideas, corrections, suggestions to @secureodf or secureodf at gmail dot com.

Saturday 1 November 2014

Security Research Map

In my search to raise visibility and seek the right funding I've added a profile to the EU's Security Research Map: