Re: NVDA in the workforce and in public institutions

Brian's Mail list account <bglists@...>

I think they are way out of date with that attitude. Programs with closed source are routinely cracked by the less savoury folk out there, and so there is no point in hiding behind that particular wall. Remember it was only a couple of months ago that Ccleaner was issued with a trojan embedded in it on many web sites, and that is paid for software.

The approach in my opinion needs to be much wider than individual software, but system wide and nothing should be taken for granted.

No wonder so much hacking of commercial companies is going on if their admins are relying on others simply because they paid for the software.
Sent via blueyonder.
Please address personal email to:-, putting 'Brian Gaff'
in the display name field.

----- Original Message -----
From: "Mike and Jenna" <>
To: <>
Sent: Thursday, November 09, 2017 6:52 AM
Subject: Re: [nvda] NVDA in the workforce and in public institutions


I have to chime in here. My wife works for the government and they will not allow NVDA either. They said they do not allow anything on their systems ware you can get the code for it online because it forms a security risk for their systems. I love NVDA but can see due to the response form her IT department a hard line against letting NVDA into many government uses.

-----Original Message-----
From: [] On Behalf Of Joseph Lee
Sent: Thursday, November 9, 2017 1:15 AM
Subject: Re: [nvda] NVDA in the workforce and in public institutions

Hi Sky,
I'm sure Quentin will weigh on this more, but when you meet this person next month, can you ask him the following questions:
* Please define "security".
* So it was claimed that closed source products are more secure. There are tons of examples where open-source software might offer equal or better security, not because of openness of code, but due to potential to fix issues early on through contributions. What's your opinion on that?
* Until a few years ago, using NVDA in professional setting was only a dream, but we're getting to a point where more organizations are choosing to use NVDA, and there are international examples out there. Do you have any comments on that?
* So Window-Eyes was chosen due to "perceived improved security due to close-source nature of the program". What is more secure in 2017: unsupported program that people cannot offer quality security fixes on a timely manner, or an open-source product that does have community backing, including looking out for security problems?
In case this person asks who and why these questions are asked, please tell him that a reputable NVDA developer asks these questions, and this developer is asking tough questions to get this person to think critically. If he asks, "why should I care or think critically", please tell him that thinking critically allows one to make better choices in the end, including policy decisions (yes, that's my debator side coming out). In the end, it would be much better (strategically) if you frame these questions as though you are asking them, because it also allows you to think carefully about what you are dealing with.

-----Original Message-----
From: [] On Behalf Of Sky Mundell
Sent: Wednesday, November 8, 2017 10:04 PM
Subject: Re: [nvda] NVDA in the workforce and in public institutions

Hello. Let me check with him next month, and I'll get back to you on this subject.

-----Original Message-----
From: [] On Behalf Of Bhavya shah
Sent: Wednesday, November 08, 2017 10:02 PM
Subject: Re: [nvda] NVDA in the workforce and in public institutions

Hi Sky,
Before we debate the security of NVDA, I think we need to get the case of the library representative clarified. Firstly, what are the bases of this assertion that NVDA is less secure? Secondly, assuming that the claimant has the requisite technical knowhow, has he perused NVDA's source code to substantiate this claim? Thirdly, are there any specific security vulnerabilities or exploits present in NVDA that he can point us to?
Unless the library representative can provide cogent responses to the above questions, or strengthen his claim by concrete evidence, I would dismiss such a comment as a misinformed and groundless one which holds no water.

On 11/9/17, Sky Mundell <> wrote:
Hello All. Today, I was at our monthly technology meeting at a public
library here in Victoria, British Columbia, and NVDA was one of the
screen reading options discussed to a new participant who had low
vision. However, the tech at the library looked at it, and he told the
group that it was less secure, and they commented that it was better
for home use, rather than in corporate environments. Would NV Access
staffers like to comment on this issue, and what can be done to
address this issue? Because they were going to settle on the
Window-Eyes for office option back when it was being updated, but as
we all know it got discontinued and they did look at Window-Eyes as an
option and they were more in favour of it due to it not being Open
Source. They also did have JAWS for a time but got rid of it due to
lack of training and they would have had to spend money to get
somebody from FS to train them on it. Any suggestions you guys could give me would be greatly appreciated! Thanks, Sky.

Best Regards
Bhavya Shah

Blogger at Hiking Across Horizons:

Contacting Me
E-mail Address: Follow me on Twitter @BhavyaShah125 or Mobile Number: +91 7506221750

Join to automatically receive all group messages.