“Briefly and simply, assurance work makes a user or a creditor more confident that the system works as intended without flaws, without surprises, even in the presence of malice.” … “The major shortfall is absence of assurance or safety mechanisms in software.  If my car crashed as often as my computer does, I’d be dead by now.”

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", AusCERT 2008

"Unfortunately, the security issues of a technology near the end of its lifetime are typically overlooked.  The best known example is that of cryptographic keys and algorithms which may need to offer in some cases security for 50 to 100 years."

“The software security industry today is at about the same stage as the auto industry was in 1930" ... "it looks fast, goes nice but in an accident you die.” ... "The major shortfall is absence of assurance (or safety) mechanisms in software. If my car crashed as often as my computer does, I would be dead by now."

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

“Build-in Security: Ensure that security is considered and built into the design of new infrastructure, so that our critical assets are protected from the start and more resilient to naturally-occurring and deliberate threats throughout their life-cycle."

Obama-Biden Plan, Agenda: Homeland Security, December 2008

“The time needed to factor an RSA integer is the same order as the time needed to use that same integer as modulus for a single RSA encryption.   In other words, it takes no more time to break RSA on a quantum computer (up to a multiplicative constant) than to use it legitimately on a classical computer.”

Professor Gilles Brassard,  "Quantum Information Processing: The Good, the Bad and the Ugly", 1997

"Many applications stay in use for much longer than anticipated, but during the extended lifetime they will be functioning in an environment for which they have not been designed, resulting in completely new vulnerabilities and risks."

Public key crypto key exchanges (RSA, D&H, ECC) would be ‘flat-lined’ under a quantum computer attack … "Open Problem”

Brian Snow, Former Technical Director of the US National Security Agency (NSA), Public Key Cryptography 30th Anniversary Conference, Dec 2006

“When will we be secure? Nobody knows for sure – but it cannot happen before commercial security products and services possess not only enough functionality to satisfy customers’ stated needs, but also sufficient assurance of quality, reliability, safety, and appropriateness for use. Such assurances are lacking in most of today’s commercial security products and services.”

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", 2005

“The more complex the threats become, the more you have to do the basics and groundwork really well. Staying aware and on top of new vulnerabilities and ensuring that patches and software updates are rapidly implemented is crucial.”

Jeff Shipley, Cisco Intelligence Collection Manager, Cisco 2008 Annual Security Report

“Advances have often been done in steps, and beyond approximately 10 years into the future, the general feeling among ECRYPT partners is that recommendations made today should be assigned a rather small confidence level, perhaps in particular for asymmetric primitives.”

European ECRYPT Network of Excellence, “Yearly Report on Algorithms and Key Lengths (2007-2008)", 2008

“Given today’s common hardware and software architectural paradigms, operating systems security is a major primitive for secure systems – you will not succeed without it. This area is so important that it needs all the emphasis it can get. It is the current ‘black hole’ of security.”

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

"Given their power to intercept and disrupt secret communications, it is not surprising that quantum computers have the attention of various U.S. government agencies.  The National Security Agency, which supports research in quantum computing, candidly declares that given its interest in keeping U.S. government communications secure, it is loath to see quantum computers built. On the other hand, if they can be built, then it wants to have the first one.”

Prof Seth Lloyd of MIT, MIT Review 2008

"Even a relatively small quantum computer, one that had a few tens of thousands of qubits, could consider so many different values at once that it would be able to break all known [ed: RSA, D&H, ECC, AES-128] codes commonly used for secure Internet communication.”

Prof Seth Lloyd of MIT, MIT Review 2008

"One should not assume that stakeholders do not care about their security merely because they do not understand the consequences of certain actions. The perception of risk can vary significantly from actual risk and, in the short term, convenience may lead some early adopters to make hazardous decisions."

“The rapidly evolving field of quantum computers is one of the most active research areas of modern science, attracting substantial funding that supports research groups at internationally leading academic institutions, national laboratories, and major industrial-research centers.”

ARDA, Report of the Quantum Information Science and Technology Experts Panel, 2004