Is Trail of Bits doing random checks on your running infrastucture to verify that you are not changing your software against your users?
No. That is not what security audits are. Security audits ensure that software does safely what you, as service orderer claim, in a single moment. Usually including checklist.
But they cannot guarantee that you don’t change software between audits.
That is why E2EE exists as then it does not matter and we don’t need to trust.
Open-source, security audited client for E2EE communication with reproducible builds is the magical, correct combination to ensure both security and privacy.
What exactly got tested in each of these assessments, and what conclusions did those assessments draw? I asked this upthread and I'm asking here again, because "we've had 4 audits" doesn't mean anything without that detail.
No. That is not what security audits are. Security audits ensure that software does safely what you, as service orderer claim, in a single moment. Usually including checklist.
But they cannot guarantee that you don’t change software between audits.
That is why E2EE exists as then it does not matter and we don’t need to trust.
Open-source, security audited client for E2EE communication with reproducible builds is the magical, correct combination to ensure both security and privacy.