> Also, you should download the source code, compile it (using a Linux machine) and always look over the source code for rogue functions, you CANNOT afford a vulnerability inside the password manager.
I'm not sure that this is actually possible in any reasonable sense. It's not that hard to throw an obfuscated back door into source code, especially in a complex system (ignoring the build chain and the whole trusting trust thing).
Even if there are a small number of people who have the time and expertise to audit such systems, it just doesn't scale.
Of course, doing constant code reviews for every single piece of software you use is preposterous. I have trouble keeping up with my employees' code reviews.
This is why security-conscious folks prefer open source software.
No one wants to audit every line of code they use (nor is that possible).
But if one relies on relatively popular open source software, just the fact that someone else could have audited it helps a lot. Add to that the fact that you can use a Linux distribution which keeps an eye on the vulnerabilities reported in the wild and updates the packages for you, and you are much better off than someone who only uses closed-source software and hopes and prays.