This system is open-source, so it’s not reverse engineering; it’s line-by-line auditing. Also, to achieve defense-in-depth, they also worked on the auditing and notification system until we’re reasonably sure that it is safe for the public service to put data on it.