• Gestrid@lemmy.ca
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    5 months ago

    I imagine it probably is inspected, just not by the public. They probably do it themselves.

    And they may have contracts with certain companies specializing in this sort of security that also inspect it.

    And there’s also the cybersecurity companies that test it whether they’re contracted or not. At some companies, their entire job revolves around finding bugs (especially security bugs) in other companies’ software.

    Just because it’s not on GitHub doesn’t mean it’s not a good product that hasn’t been thoroughly tested.

    • Excrubulent@slrpnk.net
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      Surely we’re not gullible enough to accept “we inspected ourselves and determined we are secure and you should use our services”?

    • John Richard@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      You realize that Microsoft code is inspected as well, even more heavily and regulated… and yet they still end up with major breaches. Security evolves through open source collaboration and inspection by experts that aren’t being paid to say you’re doing a good job.