Gili Posted September 1, 2016 Report Share Posted September 1, 2016 I understand that you do not wish to open-source your product, but I am reluctant to use it because of the fact it is closed-source, the company is based in India (yes, this matters) and there is no information about the development team. Have you considered having an independent 3rd-party audit your source-code on a regular basis as a way to gain credibility without open-sourcing your product? Thanks, Gili 17 Link to comment Share on other sites More sharing options...
Xinamo Posted September 4, 2016 Report Share Posted September 4, 2016 On 1. 9. 2016 at 1:29 AM, Gili said: I understand that you do not wish to open-source your product, but I am reluctant to use it because of the fact it is closed-source, the company is based in India (yes, this matters) and there is no information about the development team. Have you considered having an independent 3rd-party audit your source-code on a regular basis as a way to gain credibility without open-sourcing your product? Thanks, Gili +1 3 Link to comment Share on other sites More sharing options...
Astrolab_Max Posted September 10, 2016 Report Share Posted September 10, 2016 I totally agree! That would boost up your reputation! 3 Link to comment Share on other sites More sharing options...
My1 Posted September 26, 2016 Report Share Posted September 26, 2016 would certainly not be bad. Link to comment Share on other sites More sharing options...
marct Posted September 27, 2016 Report Share Posted September 27, 2016 Agreed! Link to comment Share on other sites More sharing options...
stanbarrows Posted November 2, 2016 Report Share Posted November 2, 2016 +1 Link to comment Share on other sites More sharing options...
Ivarson Posted November 4, 2016 Report Share Posted November 4, 2016 +1 Link to comment Share on other sites More sharing options...
niemalsnever Posted November 22, 2016 Report Share Posted November 22, 2016 +1 Link to comment Share on other sites More sharing options...
Mark Posted November 30, 2016 Report Share Posted November 30, 2016 At least an answer please? AFAIK "Security of our data is your utmost priority." We have questions and thoughts, yet there is not even an answer from the maintainers. This itself means a serious security concern. 4 Link to comment Share on other sites More sharing options...
Hemant Kumar Posted December 1, 2016 Report Share Posted December 1, 2016 Hi @Mark Thanks for posting your query on our Forums. From a consumer point of view, we do respect your concern about security. 17 hours ago, Mark said: "Security of our data is your utmost priority." Yes. it's true. On 9/2/2016 at 4:59 AM, Gili said: Have you considered having an independent 3rd-party audit your source-code on a regular basis as a way to gain credibility without open-sourcing your product? 1 We also thought of getting a third party audit of Enpass but eventually had to drop this idea for some time (so far). All this because Enpass supports so many platforms with a high frequency of updates (all together) and it is not possible for us to get every update audited because every successive update will invalidate the last audit done. Also getting the source code audited is very hefty in terms of time and expense. I hope that helps answer your question. 1 Link to comment Share on other sites More sharing options...
Gili Posted December 1, 2016 Author Report Share Posted December 1, 2016 Hemant, Thank you for your response. I don't think anyone is expecting frequent audits. Once a year or every 3 years should be enough. As to the cost... that's the cost of doing business. The primary reason I skipped over this product was because it was both close-sourced and unaudited. Otherwise, I would have purchased a copy. Gili 8 Link to comment Share on other sites More sharing options...
Ivarson Posted December 3, 2016 Report Share Posted December 3, 2016 (edited) On 2016-12-01 at 5:48 PM, Gili said: Hemant, Thank you for your response. I don't think anyone is expecting frequent audits. Once a year or every 3 years should be enough. As to the cost... that's the cost of doing business. The primary reason I skipped over this product was because it was both close-sourced and unaudited. Otherwise, I would have purchased a copy. Gili +1 If you choose not to share the source, its sorta up to you to pay some third party to review the code with NDA. And as Gili said, no one expects reoccuring audits. Its mostly, or at least about customers needing to know that you've implemented cryptography in a acceptable way and of course that there are no additional ways in to a running process of Enpass. Edited December 13, 2016 by Ivarson 4 Link to comment Share on other sites More sharing options...
pattomi Posted December 4, 2016 Report Share Posted December 4, 2016 +1 1 Link to comment Share on other sites More sharing options...
chaoszwerg Posted December 5, 2016 Report Share Posted December 5, 2016 +1 Link to comment Share on other sites More sharing options...
Mark Posted December 5, 2016 Report Share Posted December 5, 2016 Hermant, I didn't say it's not true, just wanted to point that if it is then some response to these topics might help. Actually I am not that concerned about anyone stealing the credentials to my favourite restaurant's website (I don't keep sensitive data in these programs), but nevertheless I am doing my homework in form of a "security audit". I am no security expert nor have access to the source code, but can still find the obvious things (database, encryption, cloud sync, communication, etc) which might make people a little bit less afraid of your software. Even then, these days it's quite common that people are afraid of anything when it comes to their privacy. This is something that you should keep in mind when choosing not to do a third-party audit because <insert any reason here>. 1 Link to comment Share on other sites More sharing options...
Benqer Posted December 11, 2016 Report Share Posted December 11, 2016 +1 Link to comment Share on other sites More sharing options...
LKo Posted December 13, 2016 Report Share Posted December 13, 2016 +1 Link to comment Share on other sites More sharing options...
gammy Posted December 15, 2016 Report Share Posted December 15, 2016 (edited) +1 It's funny to hear that ensuring that your cryptographic product is in fact secure is not worth the effort. Other apps come to mind: Signal, Telegram, Veracrypt. All cross-platform, all frequently updated, all audited. Oh, and they're all free. Edited December 15, 2016 by gammy 3 1 Link to comment Share on other sites More sharing options...
Monk32 Posted January 4, 2017 Report Share Posted January 4, 2017 +1 Link to comment Share on other sites More sharing options...
Marius Posted January 7, 2017 Report Share Posted January 7, 2017 +1 Link to comment Share on other sites More sharing options...
Guest Posted January 9, 2017 Report Share Posted January 9, 2017 +1 Link to comment Share on other sites More sharing options...
SnoFox Posted January 11, 2017 Report Share Posted January 11, 2017 +1 Link to comment Share on other sites More sharing options...
ounos Posted January 16, 2017 Report Share Posted January 16, 2017 +1 Any plans to do something about it ? Link to comment Share on other sites More sharing options...
kevin.purcell Posted January 18, 2017 Report Share Posted January 18, 2017 +1 I would definitely be interested to see you posting the results of, say, a yearly audit of your code. Link to comment Share on other sites More sharing options...
Hemant Kumar Posted February 13, 2017 Report Share Posted February 13, 2017 Hello, everybody! I truly understand your concern for a software holding critcal information and not being open sourced or audited by any credible third party agency. Well guys, thanks for all your comments and we've decided to get third party audit of Enpass. But all we need is just some more time as after the upcoming release of Attachments (beta is already there), we'll work on some key features like multiple-vaults with a need of refactoring the core engine, and I think that would be that best time to go for audit, all at once. Till then, please bear with us and all I ask for is your co-operation. Cheers! 9 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now