by karottenreibe
1373 days ago
Trust in this context is obviously not 1 or 0 but a sliding scale, and some organizations are higher on that scale than others based on past conduct, as the previous poster pointed out at length. If you don't trust anyone but yourself, you'll have to do the audit yourself. How do you suggest doing that? An auditor with a good track record seems like the most trustworthy practically feasible alternative to me.
Given you are the most successful computer company on the planet, and the entire planet is connected by your products within two degrees of separation in a network; then the only thing you gain is a loss as any auditor is in a position of being unmatched in every category at best and at worst is an active agent who will dissipate information increasing vulnerability and attack surface.
Bug bounties work well to solve this, and that’s how it’s done.