Absent an audit for a specific version of a library, you probably shouldn’t assu... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		cnasc on May 17, 2020 \| parent \| context \| favorite \| on: It’s OK for your open source library to be a bit s... Absent an audit for a specific version of a library, you probably shouldn’t assume any random package you use is secure.

rhizome on May 19, 2020 [–]

Well there's audit-insecure and then there's FormMail.pl insecure. I'm talking more about the latter.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact