No, it is not necessary _or_ sufficient. That is what I'm saying. You can audit a closed-source app, and there also might be open-source apps which are impractical to audit despite them being open source.
If you have your closed-source app audited, everyone needs to trust the audit company. And I've seen some shit audits in my life that told absolutely nothing about the actual security.
Open source means anyone can audit and verify nothing was done after audit.
Moxie more or less audited WhatsApp's Signal protocol implementation, and people are right to be concerned about whether changes have been made since FB bought the app.
Open source means anyone can audit and verify nothing was done after audit.
Moxie more or less audited WhatsApp's Signal protocol implementation, and people are right to be concerned about whether changes have been made since FB bought the app.