Ledger’s CTO Charles Guillemet wrote a thread on Twitter, elaborating on the company’s upcoming actions:
“We already conduct internal and external security audits. But, open source means you minimize the level of trust. That’s why we have decided to accelerate our open-sourcing roadmap.””Most of our products are already open source. Many developers contribute to Ledger Live, Ledger devices, and more. Together, we built over 150 open-source apps that run on our different devices.””We recently open-sourced our cryptography library (which is part of our OS), and we will publish the whitepaper of Ledger Recover very soon, allowing everyone to audit the cryptographic protocols and enable people to build their own shards backup provider.””We’ll gradually open source most of our Operating System, starting with Ledger Recover, to make it fully auditable. We’ll release Ledger Recover Product as soon as this firmware part of the code will be published.””The other parts will take a little more time since it needs to be refactored to abstract the chip-specific characteristics under NDA from our OS.””Open-sourcing has always been at the core of our roadmap, and recent events emphasize the importance of accelerating our initiative to bring greater verifiability to everything we do at Ledger,” the CTO wrote.
Ledger CEO Pascal Gauthier also wrote a blog post, in which he apologized for the company’s communication and continued to defend the controversial recover service:
“Ledger Recover is a much needed product in the market to help existing and future crypto users to be able to get to the security of self-custody, and either offload assets from less secure environments, exchanges or soft wallets, & for newcomers to onboard self-custody securely.””The main concerns that you expressed are around transparency, censorship resistance, and security. I think we’ve done a good job to address all of your concerns, but again, it’s for you to tell us, so please don’t hesitate to like, comment, share our clarified service.””Ledger Recover will be launched as soon as the source code is auditable. We believe in these amendments to the project and will continue to build the industry together.”
The Ledger team also held an AMA session concerning the latest announcement. Its recording can be found here.