You don’t want to be the one who read the code and certified it as good. You might become criminally liable for an attack.
What you want is to reduce your risk so if you can present evidence that Google or some other high profile has done the due diligence then that will be good enough to indemnify you.
Must regular developers don’t have time to read the code anyway. You need to use the slipstream of other companies to protect you.
What you want is to reduce your risk so if you can present evidence that Google or some other high profile has done the due diligence then that will be good enough to indemnify you.
Must regular developers don’t have time to read the code anyway. You need to use the slipstream of other companies to protect you.