Hi all. Very interesting thread! I guess that not many Clojure developers 
are in this situation, but I hope many more will be; that would mean that 
Clojure got its foot in the door of the enterprise.

Gregg, I need a little clarification on the last thing you mentioned: Is a 
dependency treated as secure and given the green checkmark in usual 
security procedures if there is a (community) security audit that 
systematically listed vulnerabilities and recommended ways to avoid them? 
What is (in your experience with banking) the minimum amount of "burden" 
necessary so that an artifact is given a passing mark? Is there a broader 
standard, or does each client have its own checklist? How defined are those 
procedures? Do they update at a glacial pace, or are good and honest 
efforts on a case-by-case basis accepted (such as hiring a security 
expert to audit the code with not-so-standard procedures)?

On Friday, April 13, 2018 at 11:24:54 PM UTC+2, Gregg Reynolds wrote:
>
> On Fri, Apr 13, 2018, 4:09 PM Aaron Bedra <aaron...@gmail.com> wrote:
>
>> Penetration testing is something performed on an application, but a 
>> source code review of the language is certainly an interesting idea. My 
>> company does these all the time. I ran this by my folks and there was 
>> certainly interest. If we could publish the results and create a healthy 
>> discussion my company would be happy to participate and do this at a fixed 
>> and heavily discounted price.
>>
>
> Naive question from the clueless peanut gallery: are you talking about a 
> security audit of clojure core (& etc) source, which could then be cited as 
> evidence by app developers?
>
> E.g. I build an app against a signed version of clojure which is 
> "certified" in some sense? Then I only have to audit my code (and lib 
> dependencies)?
>
> Gregg
>

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en