“Open Source” means nothing if there is no one that audits your code.
It tends to become a smokescreen that signals “Nothing wrong here! Open Source, you know!”
It’s like saying a huge warehouse full of clocks is “safe” because everyone can check them all.
If there’s one in the centre with a bomb attached, there is no way to find it until it’s too late.
Most users have no way to check the code due to lack of relevant skills: they still need to rely on experts, whose time is precious. So it comes back to trust.
The onus of creating transparency is on the creator, not the community.
If you pump out unannotated code “because annotating is boring”, then you are still creating a black box by not making your code as easily auditable as it could be.
It’s my guess that 95% of all crypto projects suffer from this, either consciously or unconsciously.
— Bas Wisselink (@DamelonBCWS) June 6, 2018
Also published on Medium.