Sarah Jamie Lewis on Nostr: Most of the time I do contract engagements for security/privacy work I end up being ...
Most of the time I do contract engagements for security/privacy work I end up being consulted far too late to significantly improve the security of the system under review.
At best I can point out vulnerabilities and suggest some mitigation, but in many cases the risk has already been realized / the liabilities have already been created.
Core design decisions, made without security review, too costly to rework, and fundamentally insecure.
I don't expect this to change, but maybe one day.
Published at 2024-05-21 19:08:41

Event JSON
{
"id": "41f50e4fccb59a3b5816f4d7d47bad80dee8ad64aff37b358b28162aeb418ce6",
"pubkey": "aed322bb94e499cd0cd23bb4a6b2cc04bdb2031ab09fc08a36e3a2e355a22b11",
"created_at": 1716318521,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/sarahjamielewis/statuses/112480650627078925",
"activitypub"
]
],
"content": "Most of the time I do contract engagements for security/privacy work I end up being consulted far too late to significantly improve the security of the system under review.\n\nAt best I can point out vulnerabilities and suggest some mitigation, but in many cases the risk has already been realized / the liabilities have already been created.\n\nCore design decisions, made without security review, too costly to rework, and fundamentally insecure. \n\nI don't expect this to change, but maybe one day.",
"sig": "6bbeea1deb8e94a753f432998c98148e5f4fabafeaab0d419504b2cc4df0ed3c96c44a792d0a5b0b876a923a408e6a694524e4eec9fb2e1d5ad330672cc7fa94"
}