Show threadKevin Karhan Dec 12, 2023

@ravirockks I've had not read them yet but I'd say that one should always archive dependencies and aim to only have reproducible builds.

Something that I work on OS/1337.

Now granted @[email protected] is NOT built with security in mind at all, but that's due to it's specific goals.

But archiving releases and mirroring repos is an important way to keep things secure.

And in high-security envoirments #airgapping and #CodeAudits should be mandatory to the point that only #FLOSS and no #CCSS are legal.

cynicalsecurity Jun 30, 2023

Does anyone know of a company which does good F# code auditing?

If so could you please let me know? 

#Fsharp #CodeAudits #ITsec #Security

Show threadBrBr.PrimeNov 24, 2022

@mttaggart I was only joking (somewhat) about the other two...

I'd also impress upon them the importance of doing code audits as cost savings in the long term

#codeAudits #infosec