Sam van der Kris

Please consider open-sourcing Enpass


I've been using Enpass for a while now and I really like it. I bought premium for both Windows and Android. However, I'm kind of concerned about the security. I know there was a third-party audit, but in the meantime there could have been new vulnerabilities that we don't know about. Open-sourcing Enpass would make it much more secure. Besides, contributions from the community could improve the app even further.

And there's no need to worry about income, there will still be plenty of people who will pay for the premium version because it's much easier than compiling the app from source for every update. And the people who would rather compile from source than pay for it probably weren't going to be paying for the premium version either way (and just pirate it instead or something).

I know that this is not an easy decision to make, but I would really appreciate it if you guys would seriously consider open-sourcing Enpass. I think it would be better for everyone. Thank you. 

  • Like 2


Why not simply open-source (under a suitably restrictive license regarding commercial reuse) the actual cryptography algorithms, libraries and related code used in the application? That allows competent people to review the cryptography and subject it to whatever testing is necessary, while preserving the intellectual and commercial property inherent in a for-profit company. Granted, security issues could well be elsewhere in the application code, but I think it's going a bit far to think that just open-sourcing the whole application is going to attract the kind of thorough external audit that actually needs to be done at regular intervals.

In fact, regular external audits of the whole application really *are* necessary, in addition to disclosures about the cryptography used. It would be great if Enpass is willing to invest that kind of money and publish the results!

UPDATE: I overlooked the other thread in this forum section about planned external security audits. Let's hope Enpass makes those a regular milepost in their plans!

Edited by Insert Real Name


I also support the idea of open-sourcing the code (security, confidence, reliability, ...).

Enpass is providing valuable support, new features and bug corrections that require regular updates.

As mentioned above by @Sam van der Kris, I'm pretty sure the business model will continue, even in open-source mode. People are ready to pay for a service (package, support, ...), even if the source code is available. Of course, not at any price! But as long as this price is reasonable, the open-source model will allow that.

Thanks again for this excellent product!

 

  • Like 1


I think after the subscription model has started and a more sustainable form of income is secured, Enpass should consider having intensive audits regularly, as that, indeed, is a very important point.

  • Like 1

