Tool Code Review

Started by garibaldi, March 09, 2019, 12:10:15 PM


garibaldi

I'm aiming to switch from Kali to another distro with more scrutiny around tools.
With regard to new tools (and tools already added to BackBox), is any code review performed to ensure there is no malicious code present?

ostendali

Good question, thanks for asking.
What we aim for is not to include individual-driven tools, and by that I mean the tools that we judge suitable to be included in BackBox are widely known and community driven, developed by more than one individual, and have therefore gained the trust of the Free Open Source Community.

That for us is enough to have a good judgement and not question the integrity of the tools we include.

When we re-package the tools we get them from their original sources, not from a 3rd party, so we are sure that the code is clean. The source code review is not our job; that is done by each community or, if we can call it that, the community owner, the developers who build that tool. This is the de facto design of the Free Open Source Community, the default way tools are designed and architected.

For instance, if there is a new tool, even if it solves rocket science issues tomorrow, you will witness how hard it is to get that tool included in BackBox when the author proposes it.

Nobody reviews code that has already been under the scrutiny of the community. You need to trust that community, and if you don't there is no point sticking around, as the only way is for you to build everything on your own from scratch.

I hope this answers your question.

Thanks