“Open Source” means nothing if there is no one who audits your code.

It tends to become a smokescreen that signals “Nothing wrong here! Open Source, you know!”
It’s like saying a huge warehouse full of clocks is “safe” because everyone can check them all.

If there’s one in the centre with a bomb attached, there is no way to find it until it’s too late.
Most users have no way to check the code due to lack of relevant skills: they still need to rely on experts, whose time is precious. So it comes back to trust.
The onus of creating transparency is on the creator, not the community.

If you pump out unannotated code “because annotating is boring”, then you are still creating a black box, because you are not making your code as easy to audit as it could be.
It’s my guess that 95% of all crypto projects suffer from this, either consciously or unconsciously.

Bas Wisselink
