[cryptography] open letter to Phil Zimmermann and Jon Callas of Silent Circle, re: Silent Mail shutdown

ianG iang at iang.org
Sat Aug 17 13:41:26 EDT 2013


On 17/08/13 20:08 PM, Jon Callas wrote:
> On Aug 17, 2013, at 2:41 AM, ianG <iang at iang.org> wrote:
>
>> So back to Silent Circle.  One known way to achieve some control over their closed source replacement vulnerability is to let an auditor into their inner circle, so to speak.
>
> One correction of fact:
>
> Our source is not closed source. It's up on GitHub and has a non-commercial BSD variant license, which I know isn't OSI, but anyone who wants to build, use, and even distribute their verified version is free to do so.


Apologies, ack -- I noticed that in your post.

(And I think for crypto/security products, the BSD-licence variant is 
more important for getting it out there than any OSI grumbles.)

> Secondly, we have auditors in the mix. We are customers of Leviathan Security and their "virtual security officer" program. They do regular code audits, network audits, and are helping us create a software development lifecycle.


Ah ok.  Will they be writing an audit report?  Something that will give 
us trust that more people are sticking their name to it?





iang




