The slide and surrounding tweets seem to be about reducing vulnerabilities (and therefore reducing risks). I didn’t spot a risk assessment approach. Was there one mentioned in the talk?
I guess I just think of it as risk assessment. I wish that size of TCB was a core security metric; something that everyone measured and asked about.
For anyone interested, it looks like that's a slide from this presentation: https://res.cloudinary.com/snyk/image/upload/v1555510939/shifting_docker_security_left_2019.pdf, more info & links here: https://twitter.com/liran_tal/status/1189580437041111040
Yep those slides are mostly from the state of opensource security as you referenced but also from our shifting docker security left report and real stories from open source projects that were happening lately
You'd think "if it ain't there, it can't be used to compromise your machine" would be a simple concept to grasp.
I've always thought that Amazon Linux should offer an option to declare application dependencies, then build out and bake a minimal AMI supporting only what I need. Might even remove coreutils if that's possible!
#awswishlist
Gentoo/Nix/Arch and pretty much the entire embedded world have decades of proof of concept that it is a viable strategy. Single application dedicated servers have more in common with embedded systems than desktops IMHO but are architected more like desktops.
Me too.
all the data is from the following two
State of Open Source Security report 2019: