Hacker News new | past | comments | ask | show | jobs | submit login

Then no it doesn't work like that. (I do security audits for a living btw and happen to have audited many e2e encrypted messaging apps.)



There is more than one kind of security audit. The kind you do looks at the code and determines if it contains bugs. The kind I'm talking about looks at what is being served by a server and determines if it conforms to published invariants. (I hire security auditors for a living ;-)

[UPDATE] Now that I think about it some more, I guess that kind of auditor is analogous to a financial auditor, as you said. I didn't really make that connection before because the nature of the work is very different, but it's a fair analogy.

[UPDATE2] Looking back at your previous comment I see that the word "regulation" is in there. I'm not sure if you edited your comment or if I just missed it before, but my recollection of reading that comment is that it said "financial audit". Either way, I apologize for the misunderstanding and subsequent confusion.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: