I have never used the matrix.org service, but I had heard of them previously; from their website I could see that the word ‘security’ or ‘secure’ was used a lot.

Reading the blog post, I wonder how many security specialists this organisation really has, as they would never allow these fundamental errors to be made, even with the explanation that they set up their infra in a rush. Dedicated security teams would surely have fixed these basic errors.

I would advise anybody looking for ‘secure’ applications to stay away from these organisations; who knows how many possible flaws are deeply embedded in their systems, like zero days, memory leaks and more. They did not even have a basic security policy system in place... please don’t use the word secure.

Isn't a lot of it/all of it reviewable on their github? Does that not help you make a decision on their quality?

Doesn’t really help if I can just go into their system and introduce my own code into their SDKs, or just sign my own release of a build. It just makes me question how secure their build process is. Without security people, you cannot claim to be secure?

