Security Concerns
-
Hi, first of all thanks to the creator of backtrader and all its contributors!
I'm planning to use Backtrader for institutional purposes, and due to needing to comply with company cybersecurity policy, I'm curious about how I can get assurance that the package is safe, and doesn't for example, steal our strategies? I totally trust that the community here has done enough due diligence on this software, but is there a way to verify rather than base it on faith?
Thanks again for this wonderful platform!
Sincerely,
Eric -
@tsguo3 if you want to be sure, you can always read the source code.
-
@tsguo3 this is a package that open-source,you can read the sorce code,so,you can get the largetst safety.
-
Hi, yes I'm aware I can read the source code, but 1) even if I tried, I'm certainly not good enough to identify any suspicious code, and 2) that would take me forever! I wonder how other people have approached this problem. Is there a shortcut to address security concerns?
-
@dasch I agree I have access to the source code, but even if I try to read it, it won't give me any assurance...
-
@tsguo3 Good question.
-
@tsguo3 said in Security Concerns:
Hi, yes I'm aware I can read the source code, but 1) even if I tried, I'm certainly not good enough to identify any suspicious code, and 2) that would take me forever! I wonder how other people have approached this problem. Is there a shortcut to address security concerns?
If you are indeed as you say "planning to use Backtrader for institutional purposes" and "compliance with company cybersecurity policy" is a concern, you can either get your company's cybersecurity department to look into it, or get it audited by an independent cybersecurity firm.
It sounds like you have all the available resources from source code to institutional backing to make an evidence based decision instead of a faith-based one.