zlacker

3 comments
1. smarx0+ (OP) 2025-01-05 15:34:41
To be fair, I would also be alarmed, albeit not by OTP. "Sign an electronic document" and "built with COTS libraries in a single sprint" is essentially begging for a security review. Signatures and their verification are non-trivial; case in point: >>42590307
replies(1): >>talkin+zd
2. talkin+zd 2025-01-05 17:23:39
>>smarx0+(OP)
Nobody said you shouldn’t do any due diligence. But 1 sprint vs 2 months of review really smells like ‘processes over people’. ;)
replies(1): >>normie+wq
3. normie+wq 2025-01-05 19:03:15
>>talkin+zd
A more positive view would be that the security team may have had different priorities to the product team.
replies(1): >>robert+NY
4. robert+NY 2025-01-06 00:11:25
>>normie+wq
Two months of review after the work would be a lot more useful than before.