Discussion about this post

JF:

Great article James! Thanks! Minor fix, you missed a 'c', it says 'between code and loud findings'. The article says, "The UX of traversing multiple discovery sources. I found this simple switch on the vulnerability findings view to be an extremely elegant approach for navigating the different vulnerabilities. There is a massive complexity in navigating the nuances between code and loud findings, and this simple toggle is a really smart approach."

Shay:

All good points, although why are you downplaying the risk of malware in code? Abusing org repos for malicious hosting is a real risk, but so is the supply chain angle of malware in the code.
