It certifies what it says on the tin: an independent audit was performed by Cure53. You are correct in believing that certifying complex software to be free of bugs to be practically impossible at the moment.
But which product would you rather use: one where you have to trust the developers, or one where you have to trust the developers plus an independent team got 5 weeks of paid time to study it for any flaws?
As someone working in this industry, I can also say it's significantly harder to find exploitable bugs after another audit team went over it already. A criminal would have the same problem and might chose another target instead.
But which product would you rather use: one where you have to trust the developers, or one where you have to trust the developers plus an independent team got 5 weeks of paid time to study it for any flaws?
As someone working in this industry, I can also say it's significantly harder to find exploitable bugs after another audit team went over it already. A criminal would have the same problem and might chose another target instead.