On 2/5/18, Drago, William @ CSG - NARDA-MITEQ <william.dr...@l3t.com> wrote:
> All,
>
> I've been using/loving SQLite for years, but the use of open source software
> is highly discouraged where I work, and now I have to prove to our IT dept.
> that SQLite is reliable and secure. The reliable part is easy because there
> is enough information on the SQLite website about testing, but what about
> security? How can I convince the auditors that SQLite is not stealing
> corporate secrets and spreading viruses?
>
> Is there a statement somewhere on the website that guarantees that copies of
> SQLite downloaded from SQLite.org and System.Data.Sqlite.org are free of all
> forms of spyware/malware/viruses/etc?

As for SQLite itself, every byte of source code can be traced back to the specific individual who wrote it. Most of those bytes are from just two people. All contributors are either US or Australian citizens. Not only is every line of source code originated from a fully vetted individual, but we have proof that every line of code is tested. There is no opportunity for a virus to slip in.

SQLite is open-source, but it is not open-contribution. Do not confuse these two concepts. Anybody can read and use the SQLite sources, but very few people are allowed to commit changes. All committers are personally known to me. We do not accept drive-by patches.

SQLite does not contain code that has been copy/pasted from the internet. All of the code in the SQLite core is purposefully written specifically for the SQLite core.

SDS is slightly more problematic. The biggest chunk of that code was inherited, and we cannot vouch for the provenance of that inherited code. On the other hand, we have had total control of SDS since 2010, and nothing has come up during the subsequent 8 years of development and maintenance. Since 2011, all check-ins to the SDS source code have come from just 3 individuals, with all but about 8 check-ins from a single programmer who is a US citizen and fully vetted and known personally to me.

--
D. Richard Hipp
d...@sqlite.org