undefined | Better HN

0 pointsStressedDev1y ago0 comments

The problem with the parent's suggestion is you end up banning lots of useful techniques while not actually stopping hackers from installing back doors or adding security exploits. The basic problem is once an attacker can submit changes to a project, the attacker can do a lot of damage. The only real solution is to do very careful code reviews. Basically, having a malicious person get code into a project is always going to be a disaster. If they can get control of a project, it is going to be even worse.

0 comments

consumer4511y ago

> The only real solution is to do very careful code reviews.

Are there any projects that are well resourced enough to do this consistently, including all dependencies?

j / k navigate · click thread line to collapse

0 pointsStressedDev1y ago0 comments

0 comments

consumer4511y ago

> The only real solution is to do very careful code reviews.

Are there any projects that are well resourced enough to do this consistently, including all dependencies?

j / k navigate · click thread line to collapse