Audited claim of not sending actual data to elsewhere #337
Replies: 1 comment 1 reply
-
|
Hi @vietnguyengit, Thank you for the suggestions. We will be enabling a vulnerability check for GitHub scanning shortly. In the meantime, all of our source code is open source, so it is fully transparent to the community. @wwwy3y3 will follow up with the vulnerability check enablement. In regards to third-party auditing, we plan to go through a SOC2 report this year and will follow up with related information with the community soon! |
Beta Was this translation helpful? Give feedback.
-
|
Hi @vietnguyengit we have enabled all the items on GitHub security, including code scanning & dependabot alerts. We'll keep an eye on the alerts.
|
Beta Was this translation helpful? Give feedback.
-
Hi, first of all, thank you for creating this project and make it open-source;
I read through this page:
https://docs.getwren.ai/concept/security
There is this claim:
To many it's gonna be like a random guy on Reddit saying
trust me bro; this againsttrust no oneprinciple.And I know some gonna says, it's open-source, you can inspect the code. True, but not true at the same time; it takes time and effort to look into every corners of the existing code, and being open-source doesn't automatically mean the app is safe. Remember the Dirty COW
My suggestions for you when dealing database connection nature are:
Beta Was this translation helpful? Give feedback.
All reactions