1 Moderate, 3 low, 2 N/A-severity issues.
Make sure to update Picocrypt!
Should mention this audit on the website too @redoomed1 @jonah
He said he fixed most issues in the latest version and the others aren't all that problematic. Picocrypt is finally getting a security audit! Follow progress here. · Issue #32 · Picocrypt/Picocrypt · GitHub
However, the report itself states that they should try to get re-tested to ensure these fixes didn't result in additional vulnerabilities.
Unless you have (another) $3k to spare, I don't think a retest is practical
The changes are minor and logical - I don't think a retest is needed.
I see what you mean, apparently open source code and skills in understanding it throws off a lot of issues, discussions on GitHub and open dialog contribute to this.
I would like to draw your attention to the fact that this community is developing, growing, quite predictable and logical scenario is an increase in the number of users with starting knowledge, let's say newbies.
Most of them have not yet discovered registering on GitHub, it will be too early for them to engage in dialogs there, they will be able to understand the code only later.
If you want your product to get the coverage it deserves and due, acceptance, word of mouth.
It would be nice, and I'm speaking respectfully now, not to give the audit a chance to add a spoonful of tar to the honey barrel.
As for the financial question.
It may be reasonable in some cases to allow the community to support the project in the format of a
"donation section for upcoming audits selected by Privacy Guides"
(this is a very raw idea, improvisation)