[messaging] EFF Secure Messaging Scorecard

Eleanor Saitta ella at dymaxion.org
Tue Nov 4 15:52:07 PST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2014.11.04 20.31, Mike Hearn wrote:
> Nice!
> 
> I echo the confusion around GChat/FB being marked as audited. I
> assume this is because the code has been audited by company
> internal security staff, i.e. the presumed goal of the audit is to
> find bugs and not subterfuge? It might be good to explain this if
> so, in a tooltip for example.

FB regularly brings in external security teams, so, uh, yeah.

And if you can find a more competent security team than the team that
works for Google, by all means, knock that point off, but you'll have
to clone Halvar first.  There's basically no small team that can
compete with a group like that.  Yes, public audits are significantly
better than private for high-risk tools, but it's about driving
process, and I don't think there's a huge amount to gain by
"penalizing" Google there.

E.

- -- 
Ideas are my favorite toys.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlRZZqcACgkQQwkE2RkM0wqR5QD8CDyiokG7CLspIw6ykGfBlCTy
4gzAMnCgCsxVw28sRrEA/jOUapufQ9Fx89XopyhWM9EyGTl1N6omqKnizeaHzkdG
=uRB3
-----END PGP SIGNATURE-----

