How do we know that the published source code and the code running in the live application are the same?
The title might be confusing, but what I meant to ask is, if a provider (cloud / password manager / or any other) publishes the source code of their application, claiming to be fully FOSS, how do we know that it's the same code that's running in their web apps / applications? They could sneak in malicious code in the actual application if they wanted to, right?
Dunno if this is a dumb question …