OpenSSL proved to me that being open source doesn’t mean anyone actually checks what it’s doing. It could be checked, but it would be trivial to sneak in things.
Good point. But I still prefer open free software, because there you HAVE the OPTION to inspect it!
If you paid someone (even multiple people/companies) to do a professional audit of OpenSSL, it would be prevented.
Now, with closed software you are lost and the only thing you have is TRUST in the SW developer, because inspecting blobs is much more difficult. And I don't trust them.