-
Notifications
You must be signed in to change notification settings - Fork 769
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Audit #103
Comments
Hi @tanx, We've done an internal review and so has Scytl. They use forge in all of their online elections to perform cryptographic operations in their JavaScript-based voting clients. If you do any sort of security audit, we can add your company to a list of reviewing companies that we can include with the project. |
@dlongley do you know if Scytl made the results of their audit available? Did they feed back any issues to you after having it done? |
@devgeeks, I asked Scytl to see what kind of feedback they were able to give; they provided a brief, informal summary of what they reviewed and their experience with forge. Here's their response (from Sandra Guasch Castelló):
|
"In conclusion, in general we have not been looking at the implementations themselves, but checking if they were correct by testing the compatibility against reference libraries." How is that a security audit? |
It's not. That was my point on explaining what we did. |
So no security audit yet, correct? Thanks. |
It might be worthwhile to see if these auditing projects are operational and open for audits: https://opencryptoaudit.org/ |
Hi,
we're using forge for our app and were wondering if forge already went through an in depth security review?
Thanks
The text was updated successfully, but these errors were encountered: