Bountiful Bugs

Hello Protocols, Packets, and Programs,

A coder once said with composure,

“We might have an unknown exposure.”

But someone protested,

“I thought it was tested.”

And that’s why we have vuln disclosure.

A limerick first appeared in episode 210.

In the news segment, we talked about Secure-by-Design and -Default from CISA and friends. I’m happy to see how explicitly the guide calls out the importance of security by default:

A secure configuration should be the default baseline.

It even has two paragraphs on hardening vs. loosening guides.

I also mentioned my desire to do away with hardening guides back in [episode 161]. They’re ancient relics that should be replaced by opinionated, secure defaults.

Check out this episode's show notes for links to the articles we covered. And please take a moment to subscribe.