by eropple 3282 days ago
> Why do you assume that Slack's security expertise and security budget is greater than your own?

I don't assume it. I know it for a fact; I've met some of their team and I know others by reputation. And I'm not exactly a slouch when it comes to this stuff (I don't eat and sleep crypto but a large part of my business is building secure infrastructure/consulting on the systems running on that infrastructure for regulated as well as non-regulated environments).

Slack has, publicly, a multi-member security team! That's entirely focused on the chat system that I don't have to put any of my team's time towards.

I'm curious...

Which is more secure?

A) Slack.

B) Open source software on a LAN accessible only through physical entry, SSH, and/or a VPN.

I would say that Patchwork, which runs on the SSB protocol, is more secure than Slack (if used on your LAN), and it's written in freaking JavaScript.

I'd vote Slack.

> I'd vote Slack.

Then I suggest you put more effort into securing your LAN situation because that is a vote indicating your belief your workstations are insecure.

If you don't assume your user/dev workstations are insecure, you're going to have a rough time in life.

I'm pretty confident in saying that 95% of companies have worse endpoint protection, local network protection, cloud protection, or the intersection of any two or three of those things than Slack does application protection. Maybe more than 95%.