Hacker News

ghurtado, yesterday at 9:16 PM (2 replies)

I have to assume you have never worked on security cataloging of third party dependencies on a large code base.

Because if you had, you would realize how ridiculous it is to state that app security can't be assessed until you have read 100% of the code.

That's like saying "well, we don't know how many other houses in the city might be on fire, so we should let this one burn until we know for sure."


Replies

fasbiner, today at 12:24 AM

What you are saying is empirically false. A change in a single line of executed code (sometimes even a single character!) can be the difference between a secure and a non-secure system.

This must mean that you have been paid not to understand these things. Or perhaps you would be punished at work if you internalized reality and spoke up. In either case, I don't think your personal emotional landscape should take precedence over things that have been proven and are trivial to demonstrate.

jokersarewild, yesterday at 11:06 PM

It sounds like your salary has depended on believing things like a partial audit is worthwhile in the case that a client is the actual adversary.
