Open source is the only way to security in most cases.

imtringued · on Dec 26, 2019

Most of the security benefits come from giving the vendor an incentive to update their software quickly. I've often seen proprietary companies delay security critical patches until the next release or sue well meaning people who are reporting vulnerabilities (to the companies) as hackers to hide evidence of vulnerabilities.

There is a reason why so many vulnerabilities are found and reported in Linux compared to e.g. Windows. There is no censorship that tries to make the world look prettier than it is.

cies · on Dec 27, 2019

Everyone who cared to comment seems to agree that open source is a prerequisite for proper security in software. Interestingly I got down voted :)

Good point that the security of FLOSS stems from the culture surrounding FLOSS...

reaLg_move_in_3 · on Dec 26, 2019

Sadly much of the implementation is still missing to be audited, things like schematics and hardware design need to be more robust before we can really call this open source hardware.

Fnoord · on Dec 26, 2019

Older YubiKey are still FOSS. Newer not. From the top of my head anything 4+ is closed source.

Whatarethese · on Dec 26, 2019

If its auditable by anyone.

samatman · on Dec 26, 2019

For one meaning of 'auditable by anyone', this is definitional for open-source systems.

Perhaps you mean 'if there's anyone with the domain-specific knowledge to audit the software successfully', well, the first kind of audit should determine that. If there isn't anyone who can evaluate the security claims, that's a pretty strong signal not to use it, no?