this post was submitted on 04 Feb 2022
Security
Linters are a great thing I should've mentioned, esp. ones like ShellCheck. The phrase "low-hanging fruit" has been doing a lot of heavy lifting. I should mention that.
I talked a lot about how to determine if software is insecure, but didn't spend enough time describing how to tell if software is secure. The latter typically involves understanding software architecture, which can be done by documenting it and having reverse engineers/pentesters verify those docs' claims.
It's getting late (UTC-0800) so I think I'll edit the article tomorrow morning. Thanks for the feedback.
@X_Cli@lemmy.ml I updated the post to add a bit to one of the counter args, with a link to your comment. Here's a diff
Thank you <3