[messaging] EFF Secure Messaging Scorecard
ella at dymaxion.org
Tue Nov 4 15:52:07 PST 2014
On 2014.11.04 20.31, Mike Hearn wrote:
> I echo the confusion around GChat/FB being marked as audited. I
> assume this is because the code has been audited by company
> internal security staff, i.e. the presumed goal of the audit is to
> find bugs and not subterfuge? It might be good to explain this if
> so, in a tooltip for example.
FB regularly brings in external security teams, so, uh, yeah.
And if you can find a more competent security team than the team that
works for Google, by all means, knock that point off, but you'll have
to clone Halvar first. There's basically no small team that can
compete with a group like that. Yes, public audits are significantly
better than private for high-risk tools, but it's about driving
process, and I don't think there's a huge amount to gain by
"penalizing" Google there.
Ideas are my favorite toys.