
Dashlane Publishes Its Source Code To GitHub In Transparency Push (techcrunch.com)

(Friday February 03, 2023 @10:30PM (BeauHD) from the nothing-to-hide dept.)


Password management company Dashlane has [1]made its mobile app code available on GitHub for public perusal, a first step it says in a broader push to make its platform more transparent. TechCrunch reports:

> The Dashlane Android app code is [2]available now alongside [3]the iOS incarnation, though it also appears to include the codebase for its Apple Watch and Mac apps even though Dashlane hasn't specifically announced that. The company said that it eventually plans to make the code for its web extension available on GitHub too. Initially, Dashlane said that it was planning to make its codebase "fully open source," but in response to a handful of questions posed by TechCrunch, it appears that won't in fact be the case.

>

> At first, the code will be open for auditing purposes only, but in the future it may start accepting contributions too -- however, there is no suggestion that it will go all-in and allow the public to fork or otherwise re-use the code in their own applications. Dashlane has released the code under a [4]Creative Commons Attribution-NonCommercial 4.0 license, which technically means that users are allowed to copy, share and build upon the codebase so long as it's for non-commercial purposes. However, the company said that it has stripped out some key elements from its release, effectively hamstringing what third-party developers are able to do with the code. [...]

>

> "The main benefit of making this code public is that anyone can audit the code and understand how we build the Dashlane mobile application," the company wrote. "Customers and the curious can also explore the algorithms and logic behind password management software in general. In addition, business customers, or those who may be interested, can better meet compliance requirements by being able to review our code." On top of that, the company says that a benefit of releasing its code is to perhaps draw-in technical talent, who can inspect the code prior to an interview and perhaps share some ideas on how things could be improved. Moreover, so-called "white-hat hackers" will now be better equipped to earn bug bounties. "Transparency and trust are part of our company values, and we strive to reflect those values in everything we do," Dashlane continued. "We hope that being transparent about our code base will increase the trust customers have in our product."



[1] https://techcrunch.com/2023/02/02/dashlane-publishes-its-source-code-to-github-in-transparency-push/

[2] https://github.com/Dashlane/android-apps

[3] https://github.com/Dashlane/apple-apps

[4] https://creativecommons.org/licenses/by-nc/4.0/



Impressive (Score:2)

by bubblyceiling ( 7940768 )

Good to see. Hope others follow suit

Dashlane needs to do like 1Password and Codebook.. (Score:2)

by ctilsie242 ( 4841247 )

Dashlane needs to consider the option of having a secondary, randomly generated key, similar to 1Password and Codebook. This would be used to set up a device, and the user would be expected to save it aside and store it securely. This way, all password data sitting on their backend storage would be infeasible to brute force, unless the attacker could access the endpoint and get the secondary key.

Doing this would ensure that anything stored this way will be sure. This, and encrypting EVERYTHING in the dat
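The secondary-key scheme this comment describes, as an added sketch that is not part of the original comment and is not Dashlane's, 1Password's or Codebook's code: the vault key depends on both the master password and a random secret held on the device, so the backend record alone cannot confirm a password guess. The function names, the iteration count and the MAC used as a stand-in for vault decryption are assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this sketch


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes) -> bytes:
    """HKDF (RFC 5869) extract-then-expand, one 32-byte output block."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def derive_vault_key(password: str, secret_key: bytes, salt: bytes) -> bytes:
    """XOR a slow password-derived key with a key derived from the random secret."""
    from_password = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    from_secret = hkdf_sha256(secret_key, salt, b"vault-key")
    return bytes(a ^ b for a, b in zip(from_password, from_secret))


def enroll(password: str) -> tuple[bytes, dict]:
    """Return (secret key kept on the device, record stored on the backend)."""
    secret_key = secrets.token_bytes(16)  # 128 random bits, never uploaded
    salt = secrets.token_bytes(16)
    key = derive_vault_key(password, secret_key, salt)
    # Stand-in for "this key decrypts the vault": a MAC over a fixed label.
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return secret_key, {"salt": salt, "check": check}


def unlocks(record: dict, password: str, secret_key: bytes) -> bool:
    """True only when both the password and the device secret are correct."""
    key = derive_vault_key(password, secret_key, record["salt"])
    expected = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return hmac.compare_digest(expected, record["check"])


if __name__ == "__main__":
    device_secret, backend_record = enroll("correct horse battery")  # constructed
    print(unlocks(backend_record, "correct horse battery", device_secret))
    # Stolen backend record plus the right password, but no device secret:
    print(unlocks(backend_record, "correct horse battery", bytes(16)))
```

An attacker holding only the backend record has to search the 128-bit secret as well as the password, which is what makes offline guessing infeasible in this design.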

Too little too late (Score:2)

by sremick ( 91371 )

Too late, I already ditched them due to their obscene pricing (which jumped +50% a few years back). They've ignored pleas for years for a cheaper tier without all the BS that puts them more in-line with their competition.

Switched to Bitwarden and haven't looked back. Actually found many ways I like how Bitwarden works better.
