We are currently in talks with Quarkslab about possible contracts for getting our supported apps audited.
We have selected Quarkslab as a candidate for multiple reasons. They have a strong team of professional staff that works heavily in the areas of software security auditing and cryptography. They have done public audits of independent software before and their work was deep and detailed. Their work on auditing the ChatSecure application for iOS was impressive. They found multiple critical vulnerabilities that are subsequently being fixed and improved the platform and the trust in the application. We also selected Quarkslab because they are a French company that is not a member of the 5-eyes surveillance alliance. We believe that if a backdoor into a supported app existed, that backdoor would most likely belong to a 5-eyes nation, and those countries could exert enormous pressure on companies that reside within that state to hide evidence of clandestine activity.
The large, highly skilled staff, their track record with auditing, and their non-affiliation with 5-eyes makes Quarkslab an ideal candidate for us.
Getting our supported apps audited is a primary goal for OSTIF. We strongly believe in the open-source model for security applications and our ultimate goal is to bolster the security and trust in these apps.