Bad security engineering kills project

Ian Batten igb at
Thu Sep 5 12:59:58 BST 2013

NAO report on the Universal Credit car-crash.

Entertainment, in a rather bleak sense, is available from Figure 2, in Appendix 5 on page 50.  It sets out the security objectives, most of which have not been met.

The one that jumps off the page is ID Assurance, which you'd have thought would be the most critical and challenging part of a programme that pays out more than a billion pounds per week.  Because anything that's rolled out is going to be the de-facto ID scheme for citizen-to-government transactions over the next ten years, and once started, any programme is very hard to change.  They don't have anything ready to take to Pathfinder, which means that the Pathfinder project can't implement more than a small subset of the overall requirement.

Does anyone know what the candidate technologies are?  I've seen all sorts of proposals, but nothing beyond the "yeah, we might look at" stage.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ukcrypto mailing list