Debating OSS: Yubico OpenPGP bug "was NOT detected by any audit of the source code", well not competent ones...https://twitter.com/AsherLangton/status/731190908041842688 …
-
-
Replying to @AndreaBarisani
The point is, code was open but nobody (competent) looked at it so no added assurance from being open. Open != verified.
1 reply 0 retweets 0 likes -
Replying to @nxsolle
"We have both internal and external review of our code to ensure that it is secure" I'd focus on its failure rather than OSS or not
2 replies 0 retweets 0 likes -
Replying to @AndreaBarisani @nxsolle
I understand reasons for not going OSS, however I don't like poor claims and incorrect justifications (https://www.yubico.com/2016/05/secure-hardware-vs-open-source/ …)...
2 replies 0 retweets 0 likes
Replying to @AndreaBarisani @nxsolle
...that just hide the real reasons.
5:42 AM - 18 May 2016
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.