by prepend
1841 days ago
My understanding is that it doesn’t answer all the risks you call out, it’s just that it is lower than the same risks and more for proprietary, non-OSS software. If components are OSS then I have an easier time auditing. And perhaps I audit one section, and trusted people audit other sections and we can all run a trivial verification program. Again, it’s not perfect, it’s just better. And it at least has the conditions for perfect review, while other methods do not.