[cryptography] open letter to Phil Zimmermann and Jon Callas of Silent Circle, re: Silent Mail shutdown

Jon Callas jon at callas.org
Sat Aug 17 13:08:36 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Aug 17, 2013, at 2:41 AM, ianG <iang at iang.org> wrote:

> So back to Silent Circle.  One known way to achieve some control over their closed source replacement vulnerability is to let an auditor into their inner circle, so to speak.

One correction of fact:

Our source is not closed source. It's up on GitHub and has an non-commercial BSD variant license, which I know isn't OSI, but anyone who wants to build, use, and even distribute their verified version is free to do so.

Secondly, we have auditors in the mix. We are customers of Leviathan Security and their "virtual security officer" program. They do regular code audits, network audits, and are helping us create a software development lifecycle.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFSD64VsTedWZOD3gYRAp5iAKDFiDEn9MyTMscvsuznSY5jS83SpACg41F3
WL8vRZBFo747yv4C1DfwFeA=
=FYfS
-----END PGP SIGNATURE-----


More information about the cryptography mailing list