Qubes code audit

Then everyone continues to search for bugs.

1 Like

Genuinely curious - if I wanted to pay someone to audit the code, what would I need to look up? “Cybersecurity expert”? “Programmer code review”?

The problem seems to be that most people, besides large companies, don’t really provide this kind of service, as I haven’t been able to find many independent contractors who even offer such a service. Another issue at hand is how large the Qubes project is - it would require a team and not a single person. I haven’t been able to even find a large company that provides this service - but I assume there are some out there.

Community Audit is probably the only realistic way the code could be “independently” audited, but the people who are suspicious about Qubes OS and the team who contributes to the project are probably going to be suspicious of anything being posted on the forum as “proof” it’s been audited, as to them it would appear to be coming from the same source.

Maybe one could try to ask Open Technology Fund?

1 Like

There’s an issue for that:

4 Likes

I am not that familiar with this field, there might be better suggestions. But I believe the keyword should be Information Security. I did a little bit of research on which organization might help.

First is a university based in Zurich; many of the faculty there have been working for top banking security firms in Switzerland. Found contact details of the relevant members working on information security/Network Security. Reaching out to them might lead us to how we should go about this.

  1. Prof. David Basin - Head of Institute for Information Security

His research focuses on Information Security, in particular on foundations, methods, and tools for modeling, building, and validating secure and reliable systems

Contact information - ADDRESS AT ETH ZURICH

  2. Prof. Shweta Shinde - Secure & Trustworthy Systems Group

Contact information - https://sectrs.ethz.ch/

  3. Prof. Adrian Perrig - Network Security Group

Lead at the Swiss Federal Institute of Technology (ETH Zurich),
Anapaya Systems Co-founder

Contact Information - Network Security Group, ETH Zurich

The company run by this guy may provide the solution

Another institution dealing with Information Security and Privacy

Zurich Information Security and Privacy Center

ZISC is an industry-funded research center of ETH Zurich where PhD students and senior researchers perform academic research under the supervision of ETH faculty members.

website - https://zisc.ethz.ch/

Also, there’s this cyber security firm that provides a service called watchtower, which may be similar to what we are looking for.

I am not sure how feasible these options are, but this is what I could find so far. If you have better options, please don’t hesitate to add.

1 Like

There has been no audit of the Qubes code yet.

We don’t know that. Interested parties may have done it.

There has been recent news of Microsoft introducing an update called RECALL, which will take screenshots of your screen every five minutes, and the AI in the OS will analyze those to provide users insights, and the data might also be shared with third parties.

Next steps: do this through eye/ear/brain implants. (Anon (film) - Wikipedia)

Ironically, GitHub’s code resides on a Microsoft-owned platform. Is there a backup from which everyone can download in case of e.g. censorship? - I don’t know.

1 Like