A SaaS solution that claims to be private but won’t provide the backend code to prove it. You don’t find it at all suspicious that they claim releasing backend code would make it less secure? What kind of security product is not open for inspection? The same kind of “security” you get from Microsoft.
They can’t finish a single solution
Gee, it’s almost as if that’s the whole point of an ever-evolving SaaS platform.
timewarp@lemmy.world 4 months ago
Gestrid@lemmy.ca 4 months ago
I imagine it probably is inspected, just not by the public. They probably do it themselves.
And they may have contracts with certain companies specializing in this sort of security that also inspect it.
And there’s also the cybersecurity companies that test it whether they’re contracted or not. At some companies, their entire job revolves around finding bugs (especially security bugs) in other companies’ software.
Just because it’s not on GitHub doesn’t mean it’s not a good product that hasn’t been thoroughly tested.
Excrubulent@slrpnk.net 4 months ago
Surely we’re not gullible enough to accept “we inspected ourselves and determined we are secure and you should use our services”?
Gestrid@lemmy.ca 4 months ago
That’s where the second and third paragraphs come in. Because other companies likely test it themselves, too.
They’ll typically report security bugs privately and then, after X amount of months, publicly announce the bug. Doing it this way will, ideally, force the other company to patch the bug prior to the announcement. If not, they’ll end up with a publicly known security bug that bad actors can now exploit. The announcement will also let the public (including companies) know to update their software.
timewarp@lemmy.world 4 months ago
You realize that Microsoft code is inspected as well, even more heavily and regulated… and yet they still end up with major breaches. Security evolves through open source collaboration and inspection by experts that aren’t being paid to say you’re doing a good job.
deezbutts@lemm.ee 4 months ago
Yeah because enterprises primarily use a ton of open source security tools…
ಠ_ಠ
timewarp@lemmy.world 4 months ago
Enterprises are using a plethora of open source tools at this point. They may still utilize closed source solutions, but they definitely have quite a bit of open source solutions tied in.
micka190@lemmy.world 4 months ago
You don’t find it at all suspicious that they claim releasing backend code would make it less secure? What kind of security product is not open for inspection?
No, because Proton has 3rd party audits all the time and they share the results openly.
timewarp@lemmy.world 4 months ago
Microsoft has third party audits all the time and say they’re secure, and then you learn of new backdoors every 6 months. Audit companies are unreliable and paid to give good feedback while doing the least work possible.
slooopy_potatoe@lemm.ee 4 months ago
Releasing unfinished products and expect users to just make do while they launch the next product can’t be the solution either.
micka190@lemmy.world 4 months ago
Then it’s a good thing all of their products are fully functional and working as advertised, I guess.
slooopy_potatoe@lemm.ee 4 months ago
Sure, whatever you want to belief :)
naught101@lemmy.world 4 months ago
Which bits are not functional? I’m using their email and calendar… they aren’t completely polished, but they’re very usable.
Muscar@discuss.online 4 months ago
Congratulations, you put the final nail in the coffin of proof that you’re an idiot with that comment.
Believe*