You would not believe the # of times I've proposed this to clients and been shot down. Everyone just wants a report. https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/ …
-
I've proposed modifying build scripts and dev'ing app-specific fuzzers to the same non-profits that funded OVPN audits. Answer is always no.
Typical answer: "we'd rather pay to train the developers (through a report) than fund a bug finding CI tool that does it for them."
-
-
Seems like there's a way to spin the CI tool as auto-generated reports, but it's hard to tell people what they think they need isn't right
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
It's the difference between "I need piece of paper to show someone (above or outside of org)" and "I actually want to secure this thing"
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
We typically integrate both approaches if possible, code auditing + tapping in fuzzing...in testsuites ideally. Each gives its own results.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.