Hacker News
by rogerbinns 4649 days ago
I'm sure malicious code can be hidden in plain sight anyway. Automated tools or human eyeballs won't spot it. For example, here is the Underhanded C Contest demonstrating the principle with C: http://underhanded.xcott.com/ (static analysis won't be possible on most JS code).

The only way to be sure is to implement a (bug free) sandbox that the code runs in, as then it won't matter what the code does.

2 comments

I guess you don't lock your front door because lock picking is straightforward?

While it is not possible to spot all malicious code by inspection, minification certainly makes the job much harder.

They will only be able to catch the incompetent bad guys via inspection. Those are not the ones to worry about.
Yeah I wonder when the winners will be announced for this year's contest?