I would like to impress upon product managers that a code security review does not consist of me sitting down with the files in alphabetical order and reading each and every line exactly once in order and checking off whether it is or isn’t secure
-
@0xabad1dea this is one of the many reasons we invented static analysis #swsec #appsec
-
And if you’re wondering what it IS then, I would describe security review as more like mapping a cave system than reading a document.
-
@cigitalgem @0xabad1dea if you think a passing static code analysis counts as a security review, well gosh I have a really suspiciously cheap security review to sell you.