Comment by nickpsecurity

10 years ago

I warned others about them. I rarely warn projects any more because my associates and I have done that until we were blue in the face with little effort. My MO is to just post good stuff in forums that attract talent so they might see and adopt it. In any case, I posted a write-up on what real security is and what goes into it on Schneier's blog in response to a [false] comment saying secure coding is all you need. Here's the Pastebin of it:

http://pastebin.com/y3PufJ0V

Here's a specific example where I try to make a step-by-step guide for high assurance Tor without knowing its internals. Just drew on my prior work:

https://www.schneier.com/blog/archives/2014/09/identifying_d...

Hope what High Assurance Security takes is more clear now. Unless you get lucky (e.g. GPG), you need high assurance to resist TLAs successfully, and that might just be delaying the inevitable. Still need monitoring & tamper-detection.