Jump to content
Enpass Discussion Forum

Please consider open-sourcing Enpass


Sam van der Kris
 Share

Recommended Posts

I've been using Enpass for a while now and I really like it. I bought premium for both Windows and Android. However, I'm kind of concerned about the security. I know there was a third-party audit, but in the meantime there could have been new vulnerabilities that we don't know about. Open-sourcing Enpass would make it much more secure. Besides, contributions from the community could improve the app even further.

And there's no need to worry about income, there will still be plenty of people who will pay for the premium version because it's much easier than compiling the app from source for every update. And the people who would rather compile from source than pay for it probably weren't going to be paying for the premium version either way (and just pirate it instead or something).

I know that this is not an easy decision to make, but I would really appreciate it if you guys would seriously consider open-sourcing Enpass. I think it would be better for everyone. Thank you. 

  • Like 2
Link to comment
Share on other sites

Why not simply open-source (under a suitably restrictive license regarding commercial reuse) the actual cryptography algorithms, libraries and related code used in the application? That allows competent people to review the cryptography and subject it to whatever testing is necessary, while preserving the intellectual and commercial property inherent in a for-profit company. Granted security issues could well be elsewhere in the application code, but I think it's going a bit far to think that just open-sourcing the whole application is going to attract the kind of thorough external audit that actually needs to be done at regular intervals.

In fact, regular external audits of the whole application really *are* necessary, in addition to disclosures about the cryptography used. It would be great if Enpass is willing to invest that kind of money and publish the results!

UPDATE: I overlooked the other thread in this forum section about planned external security audits. Let's hope Enpass makes those a regular milepost in their plans!

Edited by Insert Real Name
More reading...
Link to comment
Share on other sites

I also support the idea of OpenSourcing the code (security, confidence, reliability,...)

Enpass is providing a valuable support, new features and bug correction that require regular updates.

As mentioned above by @Sam van der Kris, I'm pretty sure business model will continue, even in Opensource mode. People are ready to pay for a service (package, support,...), even if source code is available. Of course, not at any price ! But as long as this price is reasonable, OpenSource model will allow that.

Thanks again for this excellent product !

 

  • Like 1
Link to comment
Share on other sites

  • 6 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...