Read the link I posted in my original post showing what a high assurance secure design takes. Now, look at all the designs you referenced and typical commercial development practices. You should see a *HUGE* gap between the two. For starters, the design must be such that every state the system might be in is known, every error state is shown to fail safe, only the strongest configurations are used, an inspection happens for every known weakness, safe subsets are used for the coding, those are extensively tested, covert channel analysis is done, the TCB is minimal, and so on. Such methods would've prevented Heartbleed and AES timing attacks among others. Yet, companies time and time again do whatever maximizes profit. And then the software gets smashed.
Security against High Strength Attackers often takes at least 30% of the project budget. It also takes many compromises on features and hurts time to market. On the other hand, there are some companies doing at least medium assurance with good results. Example: Matasano's review of Secure64 DNS on SourceT OS says they couldn't begin to figure out how to do a code injection on such a design. Sentinel's HYDRA firewall got similar remarks from NSA evaluators a while back. Two high assurance designs still available are Boeing SNS and GHS INTEGRITY-178B. All are in use by defense contractors to protect high value assets. Such solutions aren't cheap or pretty, though. So most companies buy cheap, full-featured alternatives that are developed with commercial best practices (read: hackerbait). That's why *those* products keep getting hacked.
What does all that nonsense have to do with a VPN? Do you even know what they do? A VPN protects the secrecy, integrity and authenticity of communications between two points. This has been done to high assurance. Repeatedly. NSA still relies* on some of these to protect their communications from foreign nation-states. You can leverage strong end-to-end VPN tech to protect all kinds of other apps from eavesdropping if the parties on each side trust each other. The tech can also be leveraged in anonymity schemes that encrypt links or circuits. It's a building block alongside other building blocks. I've gotten a ton of mileage out of mine in the past with zero evidence of compromise despite clever efforts.
Learn how it works, learn how it can go wrong, learn what it looks like done right, and start doing it right, avoiding anything that's known to be wrong. It's not rocket science: just a very simple concept quite alien to most COTS and FOSS products. Exceptions are Micro-SINA VPN and Turaya VPN. They at least kept the TCB tiny and modular.
*They also largely stopped buying high assurance products minus a few for select critical sites and mostly killed off that market. A combination of that, poor organizational security practices, and the post-9/11 push to knock out obstacles to info sharing have led to most of their security breaches. It doesn't say anything about the quality of the good stuff.
http://www.schneier.com/blog/a...
Examples of better approaches and some exemplar secure products:
China and Russia are certainly involved in cyber espionage, especially for state secrets or intellectual property. I was simply pointing out that the US is the main country talking about how we have to be worried about cyberwar and is also the main country using a vast arsenal of cyberweapons against most developed nations, including allies & neutrals.
This is both a nice irony and a potential explanation for why we know neither specifics of cyber weapons nor how to stop good ones.
Thanks for that!
To program is to be.