Security Reviews and Feedback

From Kicksecure
Jump to navigation Jump to search

Reviews and feedback about the security of Kicksecure.

Kicksecure has not been subject to a formal audit, but that has little significance. At the time of writing, other security/privacy-focused distributions like TAILS and Qubes have not been audited either. Even major operating systems such as Debian, Arch and Fedora have not had public, published audits to date.

We are unaware of any serious research concerning the above distributions. Further, no experts such as Bruce Schneierarchive.org for cryptography exist for a security-focused operating system review.

Even the usefulness of any published audit must be considered. Audits of software and operating system platforms are necessarily carefully defined and limited in scope due to the size of the undertaking. There are no all-encompassing audits that thoroughly examine or evaluate every possible aspect of security.

To explore this issue in further detail, consider the GNU wget computer program that retrieves content from webservers. Has wget ever been audited? Even if it has, what did the audit entail -- a professional company, providing software security audits as a service or some kind of certification? At present no such entities exist to provide this service in the Freedom Software Open Source ecosystem, meaning there are no quality seals for Linux distributions.

If the reader is aware of any such examples, please get in contact or edit this section. Also consider whether it is reasonable to expect a reputable organization or individual to make statements like: "GNU wget has been audited and no security vulnerabilities were found". In reality it usually happens the other way around; when someone reviews the source code and finds nothing wrong, nothing is reported. On the other hand, if a vulnerability is found that is worth some fame. In essence, anyone who claims beforehand to have found no security issues does not receive a boost to their reputation, but in fact risks looking bad if problems are discovered later on due to their previous statements about nil security issues.

Anybody undertaking an audit of Kicksecure is kindly asked to edit this section or get in contact so the outcome can be linked here.

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!