Re: SECURITY FEATURES


Quentin Christensen
 

Hi Heaven,

Others have already put forward the main points, as well as the link to our corporate and government page: https://www.nvaccess.org/corporate-government/

We specifically addressed this concern on that page for basically the reasons you have outlined.  I would also point out the "Open Source" section on that page and the links to both the UK and the US government policies promoting the use of open source software.  I only picked those as the governments of two major countries.  in fact, since you mention South Africa, I would direct you to the South African Government's own Free and Open Source Software (FOSS) policy, which not only promotes the use of Open Source software, the first point of the revised policy states:

"The South African Government will implement FOSS unless proprietary software is demonstrated to be significantly superior. Whenever the advantages of FOSS and proprietary software are comparable FOSS will be implemented when choosing a software solution for a new project. Whenever FOSS is not implemented, then reasons must be provided in order to justify the implementation of proprietary software."


Obviously that policy is only binding to government departments, but it is a pretty strongly worded, official endorsement of open source software.

With regard to the specifics of NVDA itself, it should be noted that it has very little internet connectivity (essentially just to check for updates - and the details of the information shared are on our corporate page previously linked to) - and if you are still concerned, you can run NVDA in secure mode AND block it's ability to access the internet, and the only single thing that will change is that the program won't be able to check for updates (and this fails silently, there is no error or nag about it).

If you (or any of the companies you approach) do have any further concerns, please feel free to raise them here or contact us at info@...

Kind regards

On Fri, Jan 29, 2021 at 8:24 PM <heaven.lists92@...> wrote:

Dear List

 

Could one of the developers please contact me regarding the following queries:

 

  1. JAWS fanatics often reference the fact that JAWS has a closed source, paid licence, as the main reason for its increased security, especially in the workplace.  As NVDA is open source, many companies are scared to use it, since they are afraid of the security risks involved with opensource licences.  How do NVDA developers make sure that the source code for NVDA is secured so that hackers cannot attach trojans or viruses, etc to it.
  2. How do the developers make sure that information, such as personally identifiable information used in call centres and health institutions, is not at risk when using NVDA?

The reasons why I am asking these questions are as follows:

 

  1. I love using NVDA on my home computer and would really encourage anyone to use it with all the features it offers without a yearly over-priced subscription.
  2. I need to recommend screen reading software to some companies in South Africa who are scared of the risks involved in installing open source software.
  3. NVDA has so many more languages that it supports with braille and speech, while JAWS is quite limited. Furthermore, NVDA is simpler to use than JAWS and I would love to see it being implemented in more companies since it is free and legal, preventing companies from resorting to illegal software.

Thank you for your help

 

Heaven



--
Quentin Christensen
Training and Support Manager

Join nvda@nvda.groups.io to automatically receive all group messages.