| ▲ | Securing the Git push pipeline: Responding to a critical remote code execution(github.blog) | |
| 14 points by samtrack2019 a day ago | 3 comments | ||
| ▲ | 15 hours ago | parent | next [-] | |
| [deleted] | ||
| ▲ | time4tea a day ago | parent | prev | next [-] | |
I mean, sure. But what about allowing user inputs in trusted fields, Or allowing switching environments per request, on inputs from users Or allowing requests in a user context to access storage from another Or storing everything in plaintext on a node that everything can access Or not validating user inputs Or... Its not a success story. | ||
| ▲ | philipwhiuk a day ago | parent | prev [-] | |
Nothing on auditing other fields? Nothing on how it escaped test coverage? No fuzzing? | ||