Security audit of the source code?

Comments

6 comments

  • Avatar
    Firewalla

    Well, code audit is a huge topic;  it depends on the code and it also depends on how (human vs. tools).   Which ones are you interested in?

    And of course, if you are in the camp that says "security bugs are just bugs in software", then we do have a very big test team that looks at everything... and with this huge team ($$$),  often causes releases to be slow. (example 1.972)

    1
    Comment actions Permalink
  • Avatar
    Daniel

    I was mostly interested if any external security researcher have done a review of the code.

    Or if any penetration tester have reviewed the box itself.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Yes, we do have a lot of people with various backgrounds looking at different parts, and they were kind enough to work with us on the potential findings/issues. 

    0
    Comment actions Permalink
  • Avatar
    Daniel

    Sounds great, but nothing publicly available?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    We do have a few who wrote papers, which may be publicly available.  We also have people use our box to test other devices, not sure if you are interested in such, https://www.nytimes.com/wirecutter/blog/smart-home-security-privacy/

     

    1
    Comment actions Permalink
  • Avatar
    Daniel

    Anything that’s publicly available is interesting!

    0
    Comment actions Permalink

Please sign in to leave a comment.