Comment by LtWorf
10 hours ago
> You can write whatever you want into a contract, but if you have no way to validate it, it's meaningless.
3rd party audit like everything else?
10 hours ago
> You can write whatever you want into a contract, but if you have no way to validate it, it's meaningless.
3rd party audit like everything else?
Okay, if you want to pass responsibility off to someone else, how does the third party auditor do it?
I'm not talking about checking a compliance box, I'm talking about actually confirming no backdoor exists.
That's proving a negative. You are always going to end up with something like 'to the best of our ability'.
You figured it out. It's trivial to include a backdoor in a large system of systems, and one placed by a remotely competent adversary will not be found.
So what's the point of a regulation that can't be enforced?
So you claim it's never possible to audit anything?