Com certeza, pelo menos não é uma notícia de hack da carteira, eu também ainda acho segura, porém está na hora da Ledger começar a correr atrás do prejuízo e recuperar um pouco a sua reputação (principalmente neste forum), por que será que eles não abrem mão do código fechado? Que eu saiba só o Ledger Live que é de código aberto e algumas partes da Ledger, certo?
O firmware é de código aberto ou é só o secure element que eles usam que é de código fechado?
Somente o ledger live é open source. Ledger live é totalmente opcional . Ele deve ser usado apenas para updates de firmware do dispositivo.
O firmware do ledger é parcialmente open source.
Is Ledger Open Source?
Firstly, let’s make it clear that Ledger is committed to transparency, releasing as much of its code as possible for review. But when faced with choosing to fully open-source our code versus offering uncompromising security, Ledger chooses the more secure approach.
...
Is Ledger’s Operating System (OS) Open Source?
Ledger’s operating system is partially reviewable and verifiable. The code for the commands dispatcher and the Ledger Recover entry points implementation is available for review and verification, however, Ledger’s agreement with the maker and provider of this chip, STMicroelectronics, legally prevents us from exposing the low-level code that talks to the hardware blocks of the Secure Element.
This is simply because the designers of the Secure Element have invested billions over the last decades in building an effectively secure chip. They want to keep their competitive advantage and so prevent firmware developers from disclosing parts of the code that are circuit-dependent.
Ledger’s reasoning for opting for the Secure Element is simple: it’s designed for security, drastically improving its resistance against side-channel, fault, and software attacks.
https://www.ledger.com/academy/topics/ledgersolutions/is-ledger-open-source .