"Cutting-edge cryptography: Benefit from the latest advances in cryptography research with our Patent-pending technology", as your website says, is a scary statement. If you're not using well-vetted cryptography, that's a huge red flag. The Harry Potter quote sums it up best:

“Ginny!” said Mr. Weasley, flabbergasted. “Haven't I taught you anything? What have I always told you? Never trust anything that can think for itself if you can't see where it keeps its brain!”

As relatively security-literate users of an app where we'd be putting personally identifiable information or other details we don't want getting out, it stands to reason we want to see a history of commits on an open source project and a history of security audits and preferably be able to refer to RFCs for the algorithms and protocols used.

Unless you guys open source and publish audit details, it's not worth my time to consider this product. No disrespect meant, it's just common sense.




You can read more details about the algorithms/protocols here: https://www.calctopia.com/2017/02/01/on-the-security-model/

I don't agree with the statement "because it is open-source, it is more secure"; for example, OpenSSL has been open-source for almost 20 years and it's difficult to consider it really secure. Only code reviews by experts make software more secure.

BTW: quoting Harry Potter doesn't make you look serious.


I didn't say open sourcing the code was the only important thing.

And I don't give a rat's ass about looking serious :)



