bnb-chain / tss-lib

Threshold Signature Scheme, for ECDSA and EDDSA
MIT License
Is there an audit report for v2? #304

Open CharlieMc0 opened 1 week ago

CharlieMc0 commented 1 week ago

Is there a public audit report for version 2.0.0? It seems like you fixed a number of audit findings but there is no public report verifying the fixes or that new bugs were not introduced.

STdevK commented 1 week ago

The 2019 audit report includes security findings and fixes implemented. Can you share with us what some of your concerns about v2.0.0 are?

CharlieMc0 commented 1 week ago

I'd like to know if the 84 commits between v1.1.1 and v2.0.2 have been reviewed by an independent 3rd party, and is the report public?

I wasn't able to find any additional reports in this repo and I am hoping it's available but hasn't been uploaded. I am not a cryptography expert so I have to use 3rd party audits and whether the code has been battle tested in public to determine the security and safety of it. I am with one of the many projects who rely on a fork of TSS-lib and we're trying to determine the best path forward, whether we rely on your recent upgrades or go our own direction.

I appreciate any help and insights into how the code has been verified and tested. Thanks

CharlieMc0 commented 3 days ago

Any information you can share here? And which version do you run internally?