Why can't these billion-dollar companies create a consortium to make a systematic audit of such code from start to finish? They'd all benefit enormously.
by Anonymous Coward writes:
on Tuesday September 05, 2017 @10:44PM (#55145819)
Because a single audit wouldn't solve the issue; 100 audits wouldn't uncover every flaw. Software development is an ongoing process; new attack methods and vectors are discovered all the time. Basically, audit/review needs to be a basic feature of large development, but you would still have vulnerabilities being discovered regardless.