You can pre-add the authority through other interfaces like PeakD and Hive.blog.
I believe everything should support keychain, but even that isn't audited.
What would an "audit" or auditor do?
Keep an eye on the github repo?
Look for exploits in the live app?
"PenTest" the company itself?
Generally review the code for security issues and/or exploits. Ideally, regularly, but most are lucky if it is even done once, half-assed.
I agree on auditing or more eyes on the codebase and what apps are doing by checking their source code if open. Hivesigner is open source, audited at least by the Ecency team and previous creators, and anyone can still check the codebase. A lot of misinformation will push people into using insecure or closed source solutions, which isn't helping.
Audited code is way more secure than closed source or unaudited code. BUT, reviewing a GitHub repo won't make the app secure! What stops the dev from altering the deployed version of the codebase and adding some malicious parts?
The repo would look nice and shiny but a small change on the real server could be dangerous. So the full review should check the live webserver too. And it wouldn't be bulletproof either as you can swap a DNS record overnight or add changes after the audit.
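The point above, that a reviewed repository says nothing about what the server actually serves, is what a deployment-drift check addresses. The script below is an added example, not code from Hivesigner, Keychain or any project in this thread: it pins the hashes of an audited build and compares them with what the live site returns, flagging changed files, files that were never in the audited build, and inline scripts that no repository review could have seen. The manifest and the "served" responses are constructed inline so it runs offline; in practice the served bytes would come from an HTTPS fetch of each path, repeated on a schedule.

```python
"""Compare what a web server serves against the hashes of an audited build."""
import hashlib
import re

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Artifacts produced by building the audited commit (constructed sample).
AUDITED_BUILD = {
    "/index.html": b'<html><script src="/app.js"></script></html>',
    "/app.js": b"export function sign(tx, key) { return doSign(tx, key); }\n",
}
# Hash manifest a reviewer pins at audit time and keeps outside the server.
AUDITED_MANIFEST = {path: sha256(body) for path, body in AUDITED_BUILD.items()}

# What the live server returned later (constructed sample): app.js changed,
# index.html gained an inline script, and a file appeared that is not in the repo.
SERVED = {
    "/index.html": b'<html><script src="/app.js"></script>'
                   b'<script>window.__debug = true;</script></html>',
    "/app.js": b"export function sign(tx, key) { return doSign(tx, key, true); }\n",
    "/extra.js": b"// not in the repository\n",
}

# <script> tags without a src attribute: code that lives only on the server.
INLINE_SCRIPT = re.compile(rb"<script(?![^>]*\bsrc=)[^>]*>(.*?)</script>", re.S)

def audit_drift(manifest: dict, served: dict) -> dict:
    """Return {path: finding} for every way the live site differs from the
    audited manifest. An empty dict means the deployment matches the audit."""
    findings = {}
    for path, expected in manifest.items():
        body = served.get(path)
        if body is None:
            findings[path] = "missing on live server"
        elif sha256(body) != expected:
            findings[path] = "hash mismatch: served bytes are not the audited build"
    for path in served:
        if path not in manifest:
            findings[path] = "served but absent from the audited build"
    return findings

def inline_scripts(html: bytes) -> list:
    """Bodies of inline <script> blocks, which a repo review never covered."""
    return [m.group(1).strip() for m in INLINE_SCRIPT.finditer(html)]

if __name__ == "__main__":
    for path, finding in sorted(audit_drift(AUDITED_MANIFEST, SERVED).items()):
        print(f"{path}: {finding}")
    print("inline scripts:", inline_scripts(SERVED["/index.html"]))
```

This catches post-audit edits on the server but not a DNS swap to a different host; pinning the resolved address and the TLS certificate fingerprint alongside the manifest is the matching check for that case.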