Open CharlieMc0 opened 1 week ago
The 2019 audit report includes security findings and fixes implemented. Can you share with us what are some of your concerns about v2.0.0?
I'd like to know if the 84 commits between v1.1.1 and v2.0.2 have been reviewed by an independent 3rd party and is the report is public?
I wasn't able to find any additional reports in this repo and I am hoping it's available but hasn't been uploaded. I am not a cryptograpy expert so I have to use 3rd party audits and whether the code has been battle tested in public to determine the security and safety of it. I am with one of the many projects who rely on a fork of TSS-lib and we're trying to determine the best path forward whether we rely on your recent upgrades or go our own direction.
I appreciate any help and insights into how the code has been verified and tested. Thanks
Any information you can share here? And which version do you run internally?
Is there a public audit report for version 2.0.0? It seems like you fixed a number of audit findings but there is no public report verifying the fixes or that new bugs were not introduced.