this post was submitted on 10 Jul 2023
419 points (98.6% liked)
Programming.dev Meta
2488 readers
3 users here now
Welcome to the Programming.Dev meta community!
This is a community for discussing things about programming.dev itself. Things like announcements, site help posts, site questions, etc. are all welcome here.
Links
Credits
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Security is crazy hard and having perfect security is impossible. Kudos to the dev team for resolving this so quickly.
It makes me think I should see about contributing. I'm not an expert in security flaws or pen testing, but having an extra set of eyes checking for vulnerabilities doesn't hurt.
Plus, in my experience, the vulnerabilities to watch out for are code that the developers didn't write. Updating packages usually isn't a problem until it's discovered a major version update is necessary looks at Spring angrily
In my opinion, the project would benefit from static vulnerability scanning. Low hanging fruit like this XSS would have definitely been flagged.
Most of those providers even give it out for free for open source projects. So it wouldn’t hurt.