That statement also said you have to audit the binary even if the code is open source, which isn't entirely true, as other comments pointed out (reproducible builds), but the idea doesn't seem like pushing back to me. It was to point out that open source doesn't automatically imply any level of trust when it comes to security/privacy.