by ASmith on 2021/11/29 03:19:01 AM
I agree, and there are free independent security auditors available composed of multiple experts in various fields. After nearly a year from the public release of DarkMX, an independent security audit should be called to carry out their tasks to discern if further optimizing can be added via suggestions back to the developers of DarkMX and any use or errors found or leaking of unintended information that has been overlooked.
I'm sure a security audit by an independent panel of experts would come back fine; however, this can often spot further areas to optimize and work with the developers of DarkMX to add them. This should be seen as a win-win in my opinion.
by Guest on 2022/01/07 03:50:28 AM
A few years ago I was working to engage the free software security auditing panel to which Schneier and other security experts in their various fields were panelists. The FOSS project lead developer at that time stated the newest beta release of Retroshare v0.6.0 wasn't ready for a security audit and my efforts to put the two parties together for that wonderful opportunity were dashed.
At that time Bruce Schneier was of course the crypto expert panelist, other experts were in regards to programming and importantly an expert in spotting and locating a security issue hidden in the coding, deliberately or accidentally. Normally such a service is costly and for FOSS projects and free software projects, that is a major reason many projects do not undergo independent security auditing by a team of experts dedicated to do that with quality expertise in multiple pertinent areas. I recall at that time a popular encryption application was audited by these folks. No security issues were found but several loops and coding were found to not be optimally coded and were immediately patched by the developer resulting in a better product overall.
I have left a post on Bruce Schneier's Security blog asking if the free independent software project security auditing panel is still up and accepting requests.