-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Aug 17, 2013, at 2:41 AM, ianG <i...@iang.org> wrote:
> So back to Silent Circle. One known way to achieve some control over their > closed source replacement vulnerability is to let an auditor into their inner > circle, so to speak. One correction of fact: Our source is not closed source. It's up on GitHub and has an non-commercial BSD variant license, which I know isn't OSI, but anyone who wants to build, use, and even distribute their verified version is free to do so. Secondly, we have auditors in the mix. We are customers of Leviathan Security and their "virtual security officer" program. They do regular code audits, network audits, and are helping us create a software development lifecycle. Jon -----BEGIN PGP SIGNATURE----- Version: PGP Universal 3.2.0 (Build 1672) Charset: us-ascii wj8DBQFSD64VsTedWZOD3gYRAp5iAKDFiDEn9MyTMscvsuznSY5jS83SpACg41F3 WL8vRZBFo747yv4C1DfwFeA= =FYfS -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography