tptacek 2 days ago

You must be new to this. The median line of code in a security tool is materially less secure than the median line of code overall in the industry.

regularfry 2 days ago

Similarly one of our biggest causes of power outages when I worked with a DC was the UPSes. And the biggest causes of data loss were the hardware RAID controllers. Feels like there's a fundamental law lurking under this stuff.

snackbroken 2 days ago

As the complexity of a system increases, the number of single points of failure also tends to increase. Sometimes you can make sure that several subsystems need to fail before the whole system fails. Often, the best you can do is swap one SPoF (e.g. unreliable power grid) for another, more robust SPoF (unreliable UPS).

CoderLuii 2 days ago

This is painfully accurate. I've worked in security for years, and the tools we trust the most get the least scrutiny because everyone assumes "well, it's a security tool, it must be secure." The irony is that these tools usually run with the highest privileges in the pipeline. Trivy sits in CI with access to every secret in your environment and nobody questions it because it's supposed to be the thing protecting you.
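The point above, that a scanner step inherits every secret the CI job holds, has a cheap mitigation: start the scanner with a scrubbed environment so a bug or supply-chain compromise in the scanner cannot read the job's tokens. The script below is an added example written for this thread, not code from any commenter or from the Trivy project. `run_scrubbed`, `secrets_visible`, `secrets_visible_scrubbed`, `scan_image` and the `SECRET_PROBE` pattern are hypothetical helper names; the only real tool referenced is the `trivy` CLI (`trivy image --exit-code 1 --severity HIGH,CRITICAL` is its actual syntax). The fake `GITHUB_TOKEN` in the demo is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or from Trivy): run a CI scanner with
# only the environment variables it needs, so job secrets never reach it.

# run_scrubbed CMD [ARGS...]
# Execute CMD with an empty environment plus an explicit allowlist. Anything
# the CI runner injected (API tokens, cloud credentials, signing keys) is
# simply absent from the scanner's process. Adjust the allowlist to what
# your scanner actually needs; TRIVY_CACHE_DIR is a real Trivy setting.
run_scrubbed() {
    env -i \
        PATH="$PATH" \
        HOME="${HOME:-/tmp}" \
        TRIVY_CACHE_DIR="${TRIVY_CACHE_DIR:-/tmp/trivy-cache}" \
        "$@"
}

# A probe run *inside* the target environment: count variable names that
# look like credentials. This is what the scanner would be able to read.
# (`|| true` keeps grep's "no match" exit status from being treated as an
# error; grep -c still prints 0.)
SECRET_PROBE='env | cut -d= -f1 | grep -cE "(TOKEN|SECRET|PASSWORD|_KEY)" || true'

# Number of secret-looking variables a child process sees without scrubbing.
secrets_visible() {
    sh -c "$SECRET_PROBE"
}

# The same probe, launched through run_scrubbed. Expected to print 0.
secrets_visible_scrubbed() {
    run_scrubbed sh -c "$SECRET_PROBE"
}

# scan_image IMAGE
# Scan a container image with Trivy in the scrubbed environment and fail the
# job on HIGH or CRITICAL findings. The scanner still gets its cache dir and
# PATH, but none of the job's secrets. (Hypothetical wrapper name.)
scan_image() {
    run_scrubbed trivy image --exit-code 1 --severity HIGH,CRITICAL "$1"
}

# Stand-alone demo: `sh scan.sh --demo` shows a constructed fake secret that is
# visible to a normal child process and invisible to a scrubbed one.
if [ "${1:-}" = "--demo" ]; then
    GITHUB_TOKEN=ghp_constructed_fake_for_demo; export GITHUB_TOKEN
    echo "secret-like vars visible, unscrubbed: $(secrets_visible)"
    echo "secret-like vars visible, scrubbed:   $(secrets_visible_scrubbed)"
fi
```

Scrubbing the environment does not cover secrets that reach the scanner some other way (mounted files, the Docker socket, a credentials file in `$HOME`), so pair it with running the scanner as a separate job that is granted no secrets at all wherever the CI system allows it.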