top | item 40983549

(no title)

ronyba | 1 year ago

Have you done an Independent security review of these features? What's your CRS score? Do you have CVE fix SLA in place? All these features are good if this was. 2000 website but a single vulnerability in any one of the vendors of your tech stack will compromise your users

discuss

sweca|1 year ago

Server side encryption is handled using the Go standard library. A more detailed breakdown of the process can be found in the Help Center. TLDR: It's reputable, and best practices are followed through cryptographically secure generation, random IV, high entropy keys, memory hard hashing, etc.

Paste end to end encryption uses the native window crypto subtle API, widely used and reputable.

ronyba|1 year ago

Coming from cyber security one thing I have learnt is no matter how many layers of security you add nothing is fool proof, I would strongly recommend doing an Independent review getting if not an international certification like ISO or GDPR then something domestic, I like what Mozilla does https://www.mozilla.org/en-US/security/advisories/, this really will enforce trust in your users as today it's really hard to trust websites