Open Source vs. Open Protocol: a hardware wallet's point of view
Open source is a method and belief for continuous program development and large-scale programming cooperation.
Open source is neither a method nor a belief for safety solutions.
No bank open-sources its programs, nor does any securities exchange.
OpenSSL is open source, but its Heartbleed bug is very serious.
The Bitcoin team open-sourced their program, so that we can have altcoins, different miners, and different wallets like Hardbit.
But the safety and vitality of Bitcoin are based on its perfect theory, clearly depicted in the white paper. The implementation of Bitcoin is based on its protocol: all mining pools, exchanges and wallets work in harmony because they follow the protocol. This Bitcoin protocol is learnt from the open source Bitcoin software, but if the development team had written a clear introduction to the Bitcoin protocol, we would not need to peek at the source code to write the Hardbit program.
All safety is based on theoretical safety, not programming safety. So, if the theory is right, even if there are some bugs (like the malleability bug of Bitcoin), the system is still safe; if on the contrary the theory has a defect, no matter how perfect the program is, smarter hackers will sooner or later find a way to invade or break the system.
A hardware wallet is, by common theoretical understanding, a safer solution for Bitcoin storage.
Realizing a hardware wallet raises 3 questions:
1. How can the vendor prove they can't steal Bitcoin out of the hardware wallet?
2. If the hardware wallet fails, how can the safety of the Bitcoins in it be secured?
3. (Based on 2,) is the backup file safe enough against brute-force cracking?
The answers to questions 2 and 3 are common sense: backup and salt-mixing. All the headaches go to question 1.
After exploring for a long time, we found only one solution (fortunately there is one, not none): communicate via QR code only.
The reason is explained in detail in our white paper. We believe it is theoretically absolutely safe.
If the protocol of offline-online communication is open, everybody can check whether the information being communicated is benign, and everybody can develop new software or hardware to join this communication network.
In a few days, we will launch a safety checking tool for Hardbit QR codes. Actually, this software package already includes more than 50% of our code. And we will open source all our code later, at the right time window.
For software-only solutions, open source, free, and receiving donations is a good business model. But for solutions that include hardware, the hard costs are there: production, cash flow, logistics, service, etc. If it is open source, competition will quickly push the margin to 0, and customers can get good products from NOBODY, because good products and service are based on good margin.
You see no miner vendor open-sourcing their latest product.
A hardware wallet is a safety solution; its value and potential risk are way higher than its own price. Only with a good margin does its vendor have the motive to consistently improve its performance and lower its cost.
And at a certain point in time, when we think our market position is stable, we will open all our sources.