You would not believe the # of times I've proposed this to clients and been shot down. Everyone just wants a report. https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
-
Typical answer: "we'd rather pay to train the developers (through a report) than fund a bug finding CI tool that does it for them."
-
Any thoughts on why this is @dguido ? -
IMHO because there's a misguided "Has it been audited?" chant without thinking about the bigger picture. It's a client education problem.
-
Is the client requesting this in eng, sec, or biz/other
-
Non-profits have a mission to ensure the tools they provide to at-risk people are safe. For example, see https://www.opentech.fund/