On 28/07/2017 10:08, Patrick Morris wrote:
> On 28/07/2017 05:54, Steve - Gadget Barnes wrote:
>>
>>
>> On 28/07/2017 00:27, p...@getaroundtoit.co.uk wrote:
>>> S, (Andy and Mike)
>>>
>>> Yes, you've hit a couple of pertinent points; and it might make for an
>>> interesting project.
>>>
>>> Howev
Patrick,
All of the above are good
=indeed - am still digesting...
You could also use the following to check for known vulnerabilities
https://www.openhub.net/explore/projects
Thank you for this - I had forgotten about BlackDuck (have apparently
fallen off their mailing list).
Will ha
Thank you James, this starts to summarise specific concerns:
The other thing I try and push is to ensure that alternatives are considered where
appropriate - which is a bit more contextual, but it's very easy to jump to "I want
to use this" long before checking if there are better alternatives
We do similar with a checklist for the practicalities (though I for one
still have no good solution for guaranteeing the security of code beyond
reviewing it line-by-line...) - we've gone slightly more general so as to
apply to "technologies" as well as just libraries, but our process is
roughly:
On 28/07/2017 05:54, Steve - Gadget Barnes wrote:
On 28/07/2017 00:27, p...@getaroundtoit.co.uk wrote:
S, (Andy and Mike)
Yes, you've hit a couple of pertinent points; and it might make for an
interesting project.
However, I was looking for a check-list or similar which I can give to
the per
On 28/07/2017 00:27, p...@getaroundtoit.co.uk wrote:
> S, (Andy and Mike)
>
> Yes, you've hit a couple of pertinent points; and it might make for an
> interesting project.
>
> However, I was looking for a check-list or similar which I can give to
> the pertinent dev.teams to ensure that they
S, (Andy and Mike)
Yes, you've hit a couple of pertinent points; and it might make for an
interesting project.
However, I was looking for a check-list or similar which I can give to
the pertinent dev.teams to ensure that they are 'covering all the bases'
- whereas the question: "have you che
Exactly my point, yes- especially if one were to make a framework designed to
easily analyse such things (when it becomes much easier for the malware because
it for instance could just check whether the framework is in the current env
(as a super-trivial example- but any framework that is easy t
On Thu, Jul 27, 2017 at 2:39 PM Andy Robinson wrote:
> On 27 July 2017 at 15:33, S Walker wrote:
> > I suspect malicious phone-home (and other deliberately malicious security)
> > stuff would be very difficult to automatically test for
>
> Presumably you want to spy on outbound network activit
On 27 July 2017 at 15:33, S Walker wrote:
> I suspect malicious phone-home (and other deliberately malicious security)
> stuff would be very difficult to automatically test for
Presumably you want to spy on outbound network activity from your test
machine, rather than analysing code?
- Andy
I suspect malicious phone-home (and other deliberately malicious security)
stuff would be very difficult to automatically test for, as you're then in a
Volkswagen situation and you'll be entering into an arms race with anyone who
is taking such malicious actions.
For other aspects, I'm afraid I
It's a question which interests me too. If you find some good resources, could
you post them to this group?
Do you know how much checking is done on the Active State and Anaconda
distributions?
On 27 July 2017 at 00:17:33 +01:00, p...@getaroundtoit.co.uk wrote:
> Are you able to recommend mate