undefined | Better HN

0 pointsfeanaro3y ago0 comments

> Most of Brave is developed in the open. Where it isn't, there are good reasons why such as for example security.

I don't think you can muster a good security reason for not developing something in the open.

0 comments

It's normal in any open source project to keep security mailing lists and things of that nature private. And for good reasons.

One of the reasons is they are dealing with security related bug reports. Public disclosure before having a fix in place puts users at risk.

Besides that 'security' is a process that all groups are responsible for. So it can't help being _developed_ in the open if the project is open. Which Brave is.

feanaroOP3y ago

I agree with the above. I guess I interpreted the comment as saying some code parts of Brave are not open for security reasons. I don't actually know whether this is true or not.

giancarlostoro3y ago

Code wise, sure, but if you're discussing a 0-day in the wild, you may want to keep it private while you work out the details and the solution, otherwise you're inviting more abuse.

j / k navigate · click thread line to collapse