-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2014.11.04 20.31, Mike Hearn wrote: > Nice! > > I echo the confusion around GChat/FB being marked as audited. I > assume this is because the code has been audited by company > internal security staff, i.e. the presumed goal of the audit is to > find bugs and not subterfuge? It might be good to explain this if > so, in a tooltip for example.
FB regularly brings in external security teams, so, uh, yeah. And if you can find a more competent security team than the team that works for Google, by all means, knock that point off, but you'll have to clone Halvar first. There's basically no small team that can compete with a group like that. Yes, public audits are significantly better than private for high-risk tools, but it's about driving process, and I don't think there's a huge amount to gain by "penalizing" Google there. E. - -- Ideas are my favorite toys. -----BEGIN PGP SIGNATURE----- iF4EAREIAAYFAlRZZqcACgkQQwkE2RkM0wqR5QD8CDyiokG7CLspIw6ykGfBlCTy 4gzAMnCgCsxVw28sRrEA/jOUapufQ9Fx89XopyhWM9EyGTl1N6omqKnizeaHzkdG =uRB3 -----END PGP SIGNATURE----- _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
