Re: SECURITY FEATURES
Hi,

To add to our (NVDA contributors’) commitment to privacy (as asked earlier), part of the reason for including the “no logging” option is to prevent logging potentially sensitive information, and I and many others have specifically advised the NVDA community to send debug logs privately to developers (debug log includes input and output information, and once I interpret the log, I destroy it immediately).

Another point to consider: I think the more important issue is security of add-ons, as add-ons are employed in specific contexts for various things (employment included). That’s why the add-ons community is serious about add-on security, and that we require that add-ons avoid insecure practices such as modifying files outside of specific folders without permission in order to get accepted into community add-ons website distribution (I sometimes use open-source tools such as Mypy and Flake8 to look for subtle bugs, including security bugs).

Cheers,
Joseph

From: nvda@nvda.groups.io <nvda@nvda.groups.io> On Behalf Of Brian Vogel
Sent: Friday, January 29, 2021 6:11 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] SECURITY FEATURES

The myth, and it is a myth, that proprietary (closed-source) software is somehow "safer" has been disproven by many security experts. There is a complete misunderstanding of what open-source even means. Open-source software is available for anyone to view the source code, which makes it less susceptible to "sneaking something in" than closed-source software is (though I'll admit that virtually all proprietary software makers have good code security practices, as do any major open-source shops). You cannot view proprietary source code, so you have no way of knowing what's actually in there. The recent hack of SolarWinds was an excellent example that proprietary software, and ubiquitous proprietary software, can be hacked,

Brian - Windows 10 Pro, 64-Bit, Version 20H2, Build 19042
The depths of denial one can be pushed to by outside forces of disapproval can make you not even recognize yourself to yourself. ~ Brian Vogel