Systems that rely on trusted authorities can be compromised with low cost (case in point: SSL/TLS). Panvala solves this problem by decentralizing trust through a token-curated registry. https://twitter.com/PanvalaMark/status/1016337610787180545 …
People are going to use Panvala, not engineers, and the coarse-grained UI won't inform accurate opinions about testing results. E.g., a part of the code with a flaw could have been out of scope for your assessment but the reviewer will still be seen as at fault. pic.twitter.com/omJlGSCmYG
-
I also want to provide transparency to engineers and end-users but this looks like it too easily transfers risk from owners to auditors, and sets us up as "fall guys."
-
This is a good point that we'll have to be vigilant about. Users will never read fine-grained audit reports. They need coarse signals that help them make decisions. I hope that with your input, we can avoid creating new problems that set us all back instead of moving us forward.