Any third party review is certainly welcome, but there are some problems:
we cannot afford the relevant amount of money that a security professional will ask; and since we frequently release new versions …
conflict of interests: will your trust level increase if we pay a 3rd party to analyze Clipperz security?
We opted since the beginning of this venture for complete transparency and community reviews. This is why we provide instructions about how to download our source code.
Professional reviews vs. community reviews
Any third party review is certainly welcome, but there are some problems:
we cannot afford the relevant amount of money that a security professional will ask; and since we frequently release new versions …
conflict of interests: will your trust level increase if we pay a 3rd party to analyze Clipperz security?
We opted since the beginning of this venture for complete transparency and community reviews. This is why we provide instructions about how to download our source code.
This is also why we released the core crypto functions under a
BSDAGPL license. See ourClipperzJavascript Crypto Library.What do you think of our approach? Any suggestion?
Thanks, Marco