by richbell
1348 days ago
> So these bulk scanners exist, and the issue is a solved problem, but none of the "root" repos for the popular language stacks are using them?

I could talk at length about this; unfortunately, I'm on my phone with a spotty connection. The tl;dr is that companies like Snyk make money by requiring companies to pay to check for vulnerabilities once they've been downloaded. There's not necessarily anything wrong with that, but a philanthropic company could make things significantly safer for everyone if they weren't concerned about making money. Initiatives like the OSSF will hopefully have a positive impact, for this reason.
This is why only a commercial company can build a great product. The constant cat-and-mouse game between threat actors and defenders/researchers: every new malware/trojan/cryptominer strain needs to be found, identified, and a signature written, all clients need to get the latest signatures ASAP, and the product has to work flawlessly with as few false positives as possible.