Re: Security related tooling project
From: Christopher Baines
Subject: Re: Security related tooling project
Date: Fri, 23 Apr 2021 21:34:00 +0100
User-agent: mu4e 1.4.15; emacs 27.1
Bengt Richter <bokr@bokr.com> writes:
> Given that crims &co monitor developer discussions to discover
> unfixed vulnerabilities and clues re exploiting them,
> what are your ideas to avoid building a tool that can be abused?
>
> E.g., How will your tool avoid leaking info during an embargo window
> while trusted developers are secretly/privately fixing
> critical vulns?
That's a point to consider I think. Most of what I'm thinking about is
for published vulnerabilities in software packaged for Guix, but you
raise a valid point, so thanks for bringing it up.
Chris