Log In     Register    

DarkMX Support Forum
Questions and comments about the software
<<  Back To Forum

Security Auditing

by Guest on 2021/11/25 08:15:04 PM    
Most free-as-in-price products that claim to be private and secure are open source. Since this program is closed source how do we know it is truly private and secure since it cannot be audited?
by ASmith on 2021/11/29 03:19:01 AM    
I agree and there are free independant security auditors available composed of multiple experts in various fields. After nearly a year from the public release of DarkMX, a independent security audit should be called to carry out their tasks to discern if further optimizing can be add via suggestions back to the developers of DarkMX and any use or errors found or leaking of unintended information that has been overlooked.

I'm sure a security audit by a independent panel of experts would come back fine however this can often spot further areas to optimize and work with the developers of DarkMX to add them. This should be seen as a win-win in my opinion.
by Guest on 2021/12/08 07:51:50 AM    
There are many tests that can be undertaken without any effort by the Darkmx dev, what exactly are you guys suggesting ?
by BartS on 2022/01/02 06:10:08 PM    
Please provide a list of these "free" security auditing experts.

What are their credentials? Who certifies they can be trusted? Who certifies they would even be competent to understand the complexity of the apps produced by this devteam?

And when new updates are issued every few days/weeks/months...it starts all over again?

Reality check.

This DEV has been releasing p2p programs for over 20 years now? Has any been shown to contain a trojan or backdoor?
by Guest on 2022/01/07 03:50:28 AM    
Afew years ago I was working to engage the free software security auditing panel to which Schneier and other security experts in their various fields were panelists. The foss project lead developer at that time stated the newest beta release of Retroshare v0.6.0 wasn’t ready for a security audit and my efforts to put the two parties together for that wonderful opportunity was dashed.

At that time Bruce Schneier was of course the crypto expert Panelist, other experts were in regards to programming and importantly an expert in spotting and locating a security issue hidden in the coding, deliberately or accidentally. Normally such a service is costly and for FOSS projects and free software projects, that is a major reason many projects do not undergo independent security auditing by a team of experts dedicated to do that with quality expertise in multiple pertinent areas. I recall at that time a popular encryption application was audited by these folks. No security issues were found but several loops and coding were found to not be optimally coded and were immediately patched by the developer resulting in a better product overall.

I have left a post on Bruce Schneier's Security blog asking if the free independant software project security auditing panel still up and accepting requests?




This web site powered by Super Simple Server