Debating OSS: Yubico OpenPGP bug "was NOT detected by any audit of the source code", well not competent ones... https://twitter.com/AsherLangton/status/731190908041842688 …
"We have both internal and external review of our code to ensure that it is secure" I'd focus on its failure rather than OSS or not
I understand reasons for not going OSS, however I don't like poor claims and incorrect justifications (https://www.yubico.com/2016/05/secure-hardware-vs-open-source/ …)...
...that just hide the real reasons.
Assurance is derived from developer maturity and rigor. Evidence of this should be open, not necessarily the source code.
I 100% agree, but this is not the point that is being made.
It is one of the points made by @Yubico in the blog. YK4 code not being open has nothing to do with security assurance.