Skip to content

Signal has no security audit reports published#9

Open
link2xt wants to merge 1 commit intobkil:masterfrom
link2xt:signal-audits
Open

Signal has no security audit reports published#9
link2xt wants to merge 1 commit intobkil:masterfrom
link2xt:signal-audits

Conversation

@link2xt
Copy link
Contributor

@link2xt link2xt commented Feb 23, 2025

No description provided.

@chadsec1
Copy link
Contributor

chadsec1 commented Oct 5, 2025

Signal protocol(s) has many audits, but I agree that the implementations appear to have no audits (at least none I could personally find through googling)

@bkil
Copy link
Owner

bkil commented Oct 10, 2025

So, the main issue with this change is that each property in the chart needs to be terse and well referenced. Prose, and especially speculation does not belong here. You may find a place to elaborate in data/_doc/signal_review.md, though.

You can separately note audits about the app and its protocol as well. As so few apps have such, we had historically considered it a yes if either one had an audit, but as more messengers receive audits, we may reconsider this. Hence why a note should be carried in the description about which part was audited, but not much more elaboration is needed there.

And then you only want to link one or two sources here that carry substantial and reputable claims. I.e., about the page where the vendor claims the audits and lists the organizations who have done it (even if the pdf is not available to you).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@link2xt @chadsec1 @bkil