On Sun, Apr 15, 2018, 4:59 AM Dragan Djuric <draga...@gmail.com> wrote:
> Hi all. Very interesting thread! I guess that not many Clojure developers
> are in this situation, but I hope many more will be; that would mean that
> Clojure got the foot in the door of the enterprise.
>
> Gregg, I need a little clarification on the last thing you mentioned: Is a
> dependency treated as secure and given the green checkmark in usual
> security procedures if there is a (community) security audit that
> systematically listed vulnerabilities and recommended ways to avoid them?
>

Danged if I know. But obviously if you are building a high security system that uses third party libs they must be certified in some manner. If that can be done reliably then it need not be repeated for each user.

> What is (in your experience with banking) the minimum amount of "burden"
> necessary so that an artifact is given a passing mark?
>

My banking experience is limited to depositing and spending, hah hah. Actually I once worked briefly in a bank processing center. The entire system was written in IBM Sys/370 assembler. It was kinda fun. Security? You mean the guard at the door? (This was pre-internet)

> Is there a broader standard, or does each client have its own checklist?
> How defined are those procedures? Do they update at a glacial pace, or are
> good and honest efforts on a case-to-case basis accepted (such as hiring a
> security expert to audit the code with not-so-standard procedures)?
>

Those are damn good questions and I don't know the answer to any of them. Frankly I've never thought about this much. But now I do, it seems like an obvious business opportunity: if you can sign a blob of code then you can offer a security warrant for it. For a fee. Maybe people do this but I've never seen it. Probably too risky?

G

> --
You received this message because you are subscribed to the Google Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your first post.