Curious - if you could get a security code review of an open source library: 1. Which library or libraries would be first on your list? 2. What would you want to know in the review? Also, is anyone doing this?
Replying to @mkonda
Are you talking about automated scans or manual reviews? Automated scans: owasp.org/www-community/Free… For manual reviews, I know Google’s Project Zero looks at some open source projects: googleprojectzero.blogspot.c…

Nov 21, 2022 · 9:10 AM UTC

Replying to @bilcorry
Manual reviews.