ossf / secure-sw-dev-fundamentals

Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
Creative Commons Attribution 4.0 International

Example(s) for "You should instead have a plan for handling when (not if) your cryptographic algorithms and protocols are broken."? #140

Open TobiasWehrum opened 1 year ago

TobiasWehrum commented 1 year ago

In "Applying Cryptography" -> "Humility Is Important in Cryptography", you write that:

You should instead have a plan for handling when (not if) your cryptographic algorithms and protocols are broken. Make sure all your co-developers learn of this plan so that they will not ruin it (e.g., if you run an OSS project, put this in the CONTRIBUTING.md or equivalent file).

Do you know of any projects that have a public file that can serve as an example for such a plan? The course mentions several times that you should "make sure you are prepared to replace" cryptographic algorithms and protocols, but it doesn't mention anywhere what potential strategies or problems could be, so a practical example might help here.
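One concrete shape such a replacement plan can take in code, shown here as an added example that is not from the course or from this thread: every authentication tag is prefixed with an algorithm identifier, a registry records which identifiers are current, deprecated (verify only) or forbidden, and verification tells the caller when a tag must be re-issued. The algorithm names and the three status values are assumptions of this example, and HMAC is used only because it needs no third-party library.

```python
# Added example of a crypto-agility pattern (not OpenSSF course code).
# Tags are self-describing ("<alg>$<hex mac>") so the verifying side never has to
# guess which algorithm produced them, and retiring an algorithm is a one-line
# registry change rather than a hunt through every call site.
import hmac

# Status values are an assumption of this example:
#   "current"    - used for new tags, accepted on verify
#   "deprecated" - accepted on verify only; caller is told to re-issue the tag
#   "forbidden"  - never accepted, even if the MAC would otherwise match
ALGORITHMS = {
    "hmac-sha256": ("sha256", "current"),
    "hmac-sha1": ("sha1", "deprecated"),
    "hmac-md5": ("md5", "forbidden"),
}
CURRENT = "hmac-sha256"


def compute_mac(alg: str, message: bytes, key: bytes) -> str:
    """Hex HMAC for a registered algorithm (also used to build legacy tags)."""
    digest_name, _status = ALGORITHMS[alg]
    return hmac.new(key, message, digest_name).hexdigest()


def sign(message: bytes, key: bytes, alg: str = CURRENT) -> str:
    """Produce a self-describing tag; refuses any non-current algorithm."""
    if ALGORITHMS[alg][1] != "current":
        raise ValueError(f"{alg} may not be used for new tags")
    return f"{alg}${compute_mac(alg, message, key)}"


def verify(tag: str, message: bytes, key: bytes) -> str:
    """Return 'ok', 'upgrade' (valid, but re-sign with CURRENT) or 'reject'."""
    alg, sep, mac = tag.partition("$")
    if not sep or alg not in ALGORITHMS:
        return "reject"
    status = ALGORITHMS[alg][1]
    if status == "forbidden":
        return "reject"  # decided before any MAC math, so a broken alg never "passes"
    expected = compute_mac(alg, message, key)
    if not hmac.compare_digest(expected, mac):  # constant-time comparison
        return "reject"
    return "ok" if status == "current" else "upgrade"


def reissue_if_needed(tag: str, message: bytes, key: bytes) -> str:
    """Migration hook: replace a still-valid legacy tag with one under CURRENT."""
    return sign(message, key) if verify(tag, message, key) == "upgrade" else tag
```

The same pattern applies to stored password hashes, ciphertext envelopes and signature formats: the identifier travels with the data, and the registry, not the call sites, decides what is still acceptable.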