[liberationtech] Advice and feedback on our crypto software audits
David Dahl
ddahl at nulltxt.se
Thu Feb 20 07:41:09 PST 2014
Good Morning Crypto and Privacy Enthusiasts,
[X-posted to randombit, metzdowd and liberation-tech]
I'd like to solicit feedback from the crypto/privacy community on
development procedures for bringing a new cryptography product to market
in a responsible manner with sufficient review and vetting of its design
and security claims.
The product ( Crypton, https://crypton.io ) is open source (AGPL) and a
high level 'secure-by-default' framework for building collaborative
multi user applications. Naturally, this is a web framework, but
deployment is currently recommended for HTML5 mobile apps and browser
extensions.
Here's the first part of the story about how we've approached security
auditing so far. I'm curious if there are more efficient ways to
leverage the security review budget.
https://spideroak.com/blog/20140220090004-responsibly-bringing-new-cryptography-product-market
Thanks in advance,
David Dahl
Crypton Director, SpiderOak
https://spideroak.com
https://crypton.io
More information about the liberationtech
mailing list