Hi,

> One experience with code audits is that the first hour is by far the most
> productive. If you want to hide secret backdoors, make sure the code is big
> and difficult to navigate, so that people won't get to your backdoor in the
> first hour, no matter where they start. Large source code bases like GnuPG or
> OpenSSL are ideal to bury backdoors like Heartbleed.
>
> When it's actually fun to look through the code, people do it.

I fully agree, if you want something auditable, make it as easy to read as possible. (Open file formats, free readers, free samples, short/small codebase, and as accessible as possible.)

Best regards,
Philipp

_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech