The point is, code was open but nobody (competent) looked at it so no added assurance from being open. Open != verified.
I am just disappointed with the slow migration to a different model based on commercial concerns rather than technical
-
-
and the apparent mismanagement of at least 2 security bugs in my mind, again I find the all != OSS dissertation as indelicate
-
I am not against OSS. I just don't want people to assume OSS == more secure. Assurance can be built without opening source.
-
yes, I disagree on the opposite "There is an inverse relationship between making a chip open and achieving security certifications"
-
that is a quote from the post, their initial OSS use is being reversed, somewhat criticized and it was poorly managed to begin with
-
Not really a reversal. No yubikey source has ever been open AFAIK. The applet loaded on Neo was badly managed 3rd party OSS.
-
incorrect, they took ownership of their fork https://github.com/Yubico/ykneo-openpgp …
-
They forked an OSS project and kept their fork open. PGPCard functionality in YK4 is unrelated code. Clearly stated in blog.
-
Just because a new product has same function as old one doesn't mean you have a moral obligation to open source code.