Introduction

Security and Privacy

Open Source

We believe Linus's law of "given enough eyeballs, all bugs are shallow" applies to security issues. The premier example of how open source projects can be more secure than proprietary code bases is Bitcoin. In his 2015 talk, Andreas M. Antonopoulos describes how closed source banking systems have the software equivalent of weak immune systems, because huge security holes can be obfuscated for long periods of time and, when eventually exploited, can have enormous detrimental effects. On the flip side of this is an open source protocol like Bitcoin, where any security holes are there for all to see. Exploits are found early and often, and then patched. Remember that successful software companies can take more than a decade to build. Over a long time period, open source systems will tend towards a more secure state than secretive, proprietary systems.

Credit: Should I Open Source My Company

Privacy-First

At SRC, members trust us with some of their most sensitive information: their emails and their job status. Sadly, we've seen firsthand what happens when companies abuse this.

We've seen employers use LinkedIn to find out which employees are looking for new roles. We've seen backlash against recruiting companies for making candidate job profiles public without their consent.

SRC does not and will never store your emails within our database. We use native email functionality, like labels and folders, to securely manage your emails from within your inbox.
And with SRC's two-way opt-in communication, your job status is confidential. Companies cannot see if you are looking for a new role until you choose to start the interview process.

By open sourcing SRC, we are making more than a promise of privacy. All the ways we use and protect your data are transparent and publicly visible.

CASA Compliant

The Cloud Application Security Assessment (CASA) is built upon the industry-recognized standards of OWASP's Application Security Verification Standard (ASVS) to provide a consistent set of requirements to harden security for any application. CASA provides a uniform way to perform trusted assurance assessments of these requirements when such assessments are required for applications with potential access to sensitive data.

SRC is Tier-2 CASA compliant. SRC's CASA compliance has been verified by an independent lab partner as part of the Google OAuth approval process.

Privacy Policy & Terms of Service

SRC's privacy policy and terms of service are available on the SRC website. Like the rest of SRC, the privacy policy and terms of service are open source too.

We want to make the privacy policy and terms of service as interpretable and user-friendly as possible. If you find the language confusing or ambiguous, please let us know!