@RichFelker @SwiftOnSecurity Yep! The type, location and severity of discovered vulnerabilities can give /some/ indications on secure coding
@RichFelker @SwiftOnSecurity .. But still offers little actionable intelligence, who knows if it's a hard target | if nobody actually looked
@dyn___ @SwiftOnSecurity Actually the presence of lots of low-impact CVEs is a good sign that a project does well on security.
@dyn___ @SwiftOnSecurity It means lots of eyes are looking but little serious was found, and shows if project is responding to security bugs
@RichFelker @SwiftOnSecurity if the CVEs are indeed patched, and hopefully code-wide vs spot fix. 10+ int overflows isn't a good sign...