Crowdfunding code reviews [was: GnuPG Safe]

grarpamp grarpamp@gmail.com
Wed Jul 24 00:29:48 PDT 2013


On Tue, Jul 23, 2013 at 11:08 PM, Peter Gutmann
<pgut001@cs.auckland.ac.nz> wrote:
> Having code that's open source doesn't help at all if no-one looks at it.

It is easy to write code. Harder to write it securely. Even harder to spot
your own mistakes. And unless perfectly written from the start, it will need to be
reviewed and fixed. Yet time to review and fix is not as free as the time
writing it, is often viewed as a chore, and happens far less than open
source assumes it does.

Are we developed enough to begin putting together lists of most critical
libraries/tools/apps and pipelining them through a crowdfunded independent
peer review program? (501c3 perhaps) Or at least put bounties on the
same lists.
