Me: "If this API is prone to misuse by a careless or clueless developer, that is a security issue that needs fixing."

Me: "If the tests pass even if I change the logic of the source code, then the test doesn't actually cover it. I don't care what the code coverage metrics say."

Me: "The threat model needs to state its assumptions as well as both the risks it mitigates and the risks it does not."

Other projects, apparently: "Well this attack is outside our threat model so we're dismissing your report, but we'll eventually fix it as a defense-in-depth if we really must I guess."

Step up your game.

@soatok
I feel you and admire your resolve for all this pro bono work you're doing. Also your adventures ;) keep me moving forward and enduring as well, so thank you.

i.e. I recently discovered that some SDK includes a home-grown crypto protocol that basically allows a related-key attack... (and the 'crypto' part was missing from the docs, so it was not easily findable via the threat modeling process). It took weeks to persuade a responsible party to seek an independent consultation to confirm my finding, while the initial response was that they don't want to waste precious resources to beautify the code. And I sought neither money nor fame, just wanted to make the world a better place ;)