| ▲ | alfanick 5 hours ago | |
> just without vulnerabilities You surely mean "without known and reported vulnerabilities". I doubt you're proactively fixing the world across thousands of software packages /s | ||
| ▲ | morellonet 3 hours ago | parent [-] | |
Correct, we are not claiming to be auditing the source of every software package in the world. The value we provide is a minimalistic architecture so you start with a significantly smaller attack surface and continuous builds of upstream so you stay at a near 0 CVE state without the substantial work required to do so yourself. Basically, we help you get all the upstream fixes from across the OSS ecosystem as quickly, safely, and easily as possible. | ||