Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's sneaky. Do any code scanners check for that class of vulnerability?

Scanning for external dependencies is common but not so much internal private libraries.



https://linuxsecurity.expert/compare/tools/linux-auditing-to... shows a few.

I've used Tiger/Saint/Satan/COPS in the distant past. But I think they're somewhat obsoleted by modern packaging and security like apparmor and selinux, not to mention docker and similar isolators.


Code scanners cannot protect you from code execution on your machine.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: