On Fri, Apr 13, 2018, 4:09 PM Aaron Bedra wrote:
> Penetration testing is something performed on an application, but a source
> code review of the language is certainly an interesting idea. My company
> does these all the time. I ran this by my folks and there was certainly
> interest. If we coul
Penetration testing is something performed on an application, but a source code
review of the language is certainly an interesting idea. My company does these
all the time. I ran this by my folks and there was certainly interest. If we
could publish the results and create a healthy discussion my
Thanks for the shout Alex. Jason reached out to me directly but I figured it
would be better to answer this for the broader group. I’ve got a lot of
thoughts around this and I am happy to dive deeper into any of these as well.
On the topic of static analysis, I don’t think that application stati
The socket repl is inherently not secure. It allows anyone to connect and
run arbitrary code on the process. However, by default it is not running -
you need to add extra system properties to start the server(s). If someone
can start your server with arbitrary system properties, I'd say that is
I'd love an independent penetration and security audit of the Clojure codebase.
Especially around the socket repl in a localhost restricted way and making sure
it's not exploitable.
I wonder how much it costs, and if Clojurists Together could have one funded.
Excellent Alex - thanks a lot.
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your
first post.
To unsubscribe from
How to validate timestamp in clojure??
On Friday, April 13, 2018 at 8:38:51 AM UTC-5, Jason Turner wrote:
>
> Hi Alex,
>
> Thanks for the rapid feedback. Before anything else I should say that we
> loved Clojure before using it at work, and we're even more in love now we
> are using it at work - a huge thank you to the core team and
Hi Alex,
Thanks for the rapid feedback. Before anything else I should say that we
loved Clojure before using it at work, and we're even more in love now we
are using it at work - a huge thank you to the core team and Rich, and a
great community.
Yes - I did see your previous comment but as was
Hey Jason,
I have looked at the Fortify reports and as you mention, it contains thousands
of items. I spent some time looking at it and while I did not examine every
item, 100% of the items I did look at were either a false positive or
unimportant. We have no plans to satisfy Fortify by “fixing
We work providing software to banks, partly in cloud but largely on premise
products.
We have been Java based for many years, but now looking to move to Clojure
as we all love it. While on almost every front it is looking good, our
market causes us to need to clearly demonstrate a high level of