ASW Episode 237
Bountiful Bugs
Hello Protocols, Packets, and Programs,
A coder once said with composure,
“We might have an unknown exposure.”
But someone protested,
“I thought it was tested.”
And that’s why we have vuln disclosure.
A limerick first appeared in episode 210.
In the news segment, we talked about Secure-by-Design and -Default from CISA and friends. I’m happy to see how explicitly the guide calls out the importance of security by default:
“A secure configuration should be the default baseline.”
The guide even has two paragraphs on hardening vs. loosening guides.
I also mentioned my desire to do away with hardening guides back in episode 161. They’re ancient relics that should be replaced by opinionated, secure defaults.