NexBox: audit of software (and hardware?) planned?

Tencel · February 9, 2021, 10:53am

Hi all,

Nitrokey’s general strength is its firm commitment to open-source, so that other’s can check for bugs/backdoors etc. Also for the NextBox, Nitrokey published all the code to GitHub. However, not all end-users have the educational background to actually do this; especially regarding the NextBox, which is conceived as something maybe even your grandmother (or mother) could use, a third-party audit of the software seems important.

I was wondering whether Nitrokey aims to have some kind of software (or even hardware, if useful) audit from a third-party, which checks the software for any (privacy- / security-related) problems?

Thanks!

daringer · February 24, 2021, 9:51pm

Hey Tencel,

currently there is no audit planned and I can’t promise that this will happen.
But overall we rely on the Nextcloud security, means that you can only interact with the device, if you are logged in as an administrator into Nextcloud. They also provide pretty extensive security reviews, audits and so on.

best