Code doesn't really work like that, as it can all be changed at run time. It would take months to establish credibility for something like this. You'd have to randomly sample running code, decompile it (usually painstakingly) and verify nothing changed from static code. Let alone checking out all the code logic in general and vulnerabilities (sometimes intentional) of the supporting infrastructure. To do it properly you are talking about needing a team of some of the highest-paid minds in the country, and it can easily cost millions.
EDIT: Not to mention that it could be changed the second you stop auditing.
It was a great question and is much like basic personal financial knowledge: it is missing from our current curriculum in the USA. People have placed so much trust in tech, but those of us who build the stuff most people use know security is, in a lot of cases, smoke and mirrors. Almost every part of it is blind trust.
Exactly. Yet another reason why we should be using PAPER BALLOTS only.