Y
Hacker News
new
|
ask
|
show
|
jobs
by
tptacek
237 days ago
It's a bad audit checklist! If OWASP volunteers can't do a good one, they should just not do one at all. It's fine for them not to cover things that are outside their expertise.
1 comments
rubendev
237 days ago
Which one would you recommend instead? Referring dev teams to NIST standards or the like doesn’t work well in my experience.
link
tptacek
237 days ago
There doesn't always have to be a resource. Sometimes no resource is better than a faulty one. Cryptography is one of those cases.
link