Worked a treat. Thanks all.
Thanks for the update 2.0.3!
Iâm sure this was done internally, you wouldnât see audit results anyway.
1 Like
thanks ndsp, keep growing 
Thanks for chiming in! That is correct, Iâm sure theyâve done an internal audit of the code. However, when it comes to security they should really do an independent security audit, which is usually a marketing point for any company (I should have been more specific in my reference, my apologies). Most major companies to get a security audit usually advertise that this has been done because it gives assurance that their software is secure and is standard practice in mission-critical InfoSec and NetSec. All the tech giants (e.g., Amazon, Facebook, Google, Mozilla, etc.) have done security audits from reputable security firms (e.g., Cure53, NCC Group, Bishop Fox, etc.). The thinking behind it is that itâs difficult to have the same team who created the holes also see clearly enough to fix the same holes they created, sort of the same reason why magazines or major newspapers hire editors. As a software engineer I learned that peer-reviewed code is generally much safer. On some of my projects on some occasions I would spend say an hour writing code, then say 10 hours debugging that same code weeks later downstream. This principle is also why the strongest encryption libraries (e.g., cryptlib, openpgp, openssl, NaCl, etc.) have all been widely audited by a large community of security experts who also in turn use them. Hereâs an example of an independent security audit of the gopenpgp encryption library by SEC Consult: https://gopenpgp.org/assets/Source_Code_Review_-_Proton_Crypto_Library.pdf It doesnât have to be an encryption library, it can be a website or anything that involves software.
The security firm usually does deep penetration testing or peer-reviews the code and sends the company all the holes theyâve identified. That company then patches all the holes and sends it back to the firm, they repeat, and if no further holes are found, they can then say that their software has been audited. There are some large companies that do this regularly, if the code base changes significantly.
It usually isnât too much of diversion of development time resources for a company to do an audit. Itâs just that getting an independent security audit isnât cheap (but on the other hand, neither are lawsuits or class-action cases [such as whatâs happening to Udemy right now] or incidents like these that affect perceptions that may decrease the sale of items such as is what may happen to the Quad Cortex).
3 Likes
Yesterday I backed up my QC and downloaded the update. Everything went well and I can see no issues at all. I cannot imagine how much work you guys must be doing. I wanted to take the time to thank you for it. God bless your efforts and give you the grace to get it done without driving yourselves crazy!
4 Likes
MY NEURAL DOESNâT WORK WIFI I HAVE A GRAY SCREEN
DOES ANYONE KNOW HOW TO UNGRADE WITHOUT WIFI?
news/coros-2-0-3-is-now-available
[/quote]