All vendor kernels are plagued with security vulnerabilities, according to a CIQ whitepaper. Will the Linux community ever accept upstream stable kernels?
95% seem to be essentially professional box tickers. They don’t care about security, but only about process compliance. As long as the scanner finds no CVEs, the app is secure.
I want people who actually know, how I can improve my code. I’m pretty sure I screwed up security stuff, but will never know.
We’re training too many “security” people.
Rather the wrong ones.
95% seem to be essentially professional box tickers. They don’t care about security, but only about process compliance. As long as the scanner finds no CVEs, the app is secure.
I want people who actually know, how I can improve my code. I’m pretty sure I screwed up security stuff, but will never know.