by hn_throwaway_99 1700 days ago
Honestly, this kind of made my blood boil, and just points out how difficult security can be.

Here is presumably a security company, in their own blog post outlining a high-severity vulnerability alert, advocating that you run untrusted code from some rando GitHub repo. It also outlines my fear about dealing with some "security consultants", because on the one hand they outline all of the things you need to "box check" for some security audit, but at the same time leave you less secure because they've just opened another giant gaping attack surface for your company - this is exactly what happened with the SolarWinds attack.


I thought that was entirely their point?
Entirely whose point?