zlacker

[return to "Open source liability is coming"]
1. Mounta+0a 2023-12-29 18:54:33
>>daniel+(OP)
Hopefully this will change attitudes in application security. Developers often try to ignore vulnerabilities found in the libraries they use, coming from the POV of "well, that's not my code so it's not my fault" instead of "we chose that library, so we're responsible for any vulnerabilities it creates for the company". If you're going to use FOSS and don't do anything to correct or mitigate the vulnerabilities in the parts you choose to use, then it's your vulnerability. But they only see it from a POV of feeling blamed for something they didn't do, as it's not their code, and ignore the bigger picture: attackers don't care in the slightest who introduced a vulnerability for them to exploit; they're just happy that it exists.
2. jalk+8d 2023-12-29 19:10:55
>>Mounta+0a
I have never ever met a dev with that attitude. I've seen managers trying to postpone fixes because they naively thought there was little chance it would be discovered by hackers. A quick tour of Shodan, logs of SSH access attempts, and access logs with the various script-kiddie attempts usually convinces that type of manager to prioritize hardening.