Security audits are a funny thing. We lack the (financial) resources for regular, thorough penetration tests. However, I’m aware that some of the higher-profile users of #Conversations_im occasionally perform audits without my direct involvement and without publishing them afterwards. Those audits aren’t adversarial, as indicated by them wanting me to fix what they find.
The funniest instances are when they want to be credited for finding an issue but refuse to make the audit public.
JC Brand
in reply to Daniel Gultsch
Just curious, why specifically do you insist on the audit being made public?
Is informing you of the issue not enough to be credited?
I do think it's obnoxious and annoying to demand that someone fix something for you without offering them any payment for it.