you could, but the model used by the people designing CSP for how it reduces threats is often wrong.
please try to understand why 1. There may be important use cases, 2. Security by 1/
-
-
"every developer should evaluate risks" does not comport with modern security practices 2/2
-
: 2) Developers should evaluate risks, just like they evaluate performance tradeoffs, etc.
@mikesherov@SlexAxton@The_Brown_Shoe -
in general, devs use tools that help make trade-offs for them. In this case, there's 1/
-
nothing ember can do to acquire the eval capability safely cuz no one designed the API 2/
-
and in general the attitude is "shoot capabilities first, ask questions later" 3/3
-
because it's "opt in" granularity is never seen as a high priority, but security teams 1/
-
are eager to opt in (I'm sure you think this is good), but that means in practice I 2/
-
am forced to contend with ungranular policies I can't make more granular. 3/
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.