"We have both internal and external review of our code to ensure that it is secure" I'd focus on its failure rather than OSS or not
and the apparent mismanagement of at least 2 security bugs in my mind, again I find the all != OSS dissertation as indelicate
-
I am not against OSS. I just don't want people to assume OSS == more secure. Assurance can be built without opening source.
-
yes, I disagree on the opposite "There is an inverse relationship between making a chip open and achieving security certifications"
-
that is a quote from the post, their initial OSS use is being reversed, somewhat criticized and it was poorly managed to begin with
-
Not really a reversal. No yubikey source has ever been open AFAIK. The applet loaded on Neo was badly managed 3rd party OSS.
-
incorrect, they took ownership of their fork https://github.com/Yubico/ykneo-openpgp …
-
They forked an OSS project and kept their fork open. PGPCard functionality in YK4 is unrelated code. Clearly stated in blog.
-
Just because a new product has same function as old one doesn't mean you have a moral obligation to open source code.
-
and who said they have any moral obligations, I didn't... they can do whatever they please.