You would not believe the # of times I've proposed this to clients and been shot down. Everyone just wants a report. https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/ …
Replying to @dguido
I've proposed modifying build scripts and dev'ing app-specific fuzzers to the same non-profits that funded OVPN audits. Answer is always no.
Replying to @dguido
Typical answer: "we'd rather pay to train the developers (through a report) than fund a bug finding CI tool that does it for them."
Replying to @NGalbreath
IMHO because there's a misguided "Has it been audited?" chant without thinking about the bigger picture. It's a client education problem.
Replying to @dguido
Is the client requesting this in eng, sec, or biz/other?
Replying to @NGalbreath
Non-profits have a mission to ensure the tools they provide to at-risk people are safe. For example, see https://www.opentech.fund/