All Questions

2 votes
1 answer
515 views

Use of openssl could be a weak point in an Android App?

I'm reviewing an Android app (consists of Java and C source). There are complicated obfuscation steps in the build process (for content protection). But it uses statically linked openssl library ...
9dan
19 votes
8 answers
2k views

Trust Issues Relative to Open Source

Two separate discussions have very recently opened my eyes to an issue I had not considered – how to confirm the Open Source binary that one uses is based on the published source code. Zooko Wilcox-O'...
zedman9991
4 votes
1 answer
361 views

auditing open source compiler binaries for trojans

It is a well-known vulnerability that a properly altered compiler binary can transfer itself to new binaries of the compiler, and still be entirely absent from the source code. But how real is this ...
lurscher
8 votes
5 answers
2k views

Is it safer to compile open source code vs simply running the binary?

I understand that with OpenSource software, my mileage may vary based on the trust of the author and the distribution platform they use (Codeplex, Git, or private server). Oftentimes a FOSS website ...
makerofthings7
