We updated the language, thanks for pointing that out.
And this can be ratcheted down further by leveraging something like the measurement protocol. It would eliminate the 3rd party calls/code in the browser while giving GitHub the ability to anonymize the source (e.g. IP…
Are you triggering U2F challenges by visiting sites that support u2f? Opening the app doesn't do anything.
TOTP via SMS or apps is required to set up a u2f key on GitHub.
You seem to be failing to acknowledge your privilege to live in the US and earn $8 an hour. There are people who live outside of the US and earn far less. Also, delivering a yubikey might be actually impossible. > - You…
Expecting everyone to jump through the hurdles you describe is why we're in this terrible state we are in today. It's just not practical, affordable, or even possible for many. $38 is a lot of money to a lot of people.…
Yep, that's definitely a great solution. Unfortunately, that is not practical for the vast majority of people.
While there are many ways to catch this sort of thing (code review, static analysis, education) I have to place the "blame" here on ActiveRecord. The 'order' API takes an arbitrary string by default. 99.999% of the…
https://blog.twitter.com/2016/the-release-of-pants-10 > Today, Twitter is excited to announce participation in the first major release of the Pants open source project: 1.0.0, an open source build tool for…
"Automate that and spend the rest of your time reviewing for things that can't be trivially automated" - pretty much the mantra behind any successful security program. A false-positive/negative is usually fixed faster…
Having used static analysis security tools for other languages, no. Ignoring the fact that it is open source, it blows away every single other tool I have used in terms of speed, accuracy, and actionability. I would…
We updated the language, thanks for pointing that out.
And this can be ratcheted down further by leveraging something like the measurement protocol. It would eliminate the 3rd party calls/code in the browser while giving GitHub the ability to anonymize the source (e.g. IP…
Are you triggering U2F challenges by visiting sites that support u2f? Opening the app doesn't do anything.
TOTP via SMS or apps is required to set up a u2f key on GitHub.
You seem to be failing to acknowledge your privilege to live in the US and earn $8 an hour. There are people who live outside of the US and earn far less. Also, delivering a yubikey might be actually impossible. > - You…
Expecting everyone to jump through the hurdles you describe is why we're in this terrible state we are in today. It's just not practical, affordable, or even possible for many. $38 is a lot of money to a lot of people.…
Yep, that's definitely a great solution. Unfortunately, that is not practical for the vast majority of people.
While there are many ways to catch this sort of thing (code review, static analysis, education) I have to place the "blame" here on ActiveRecord. The 'order' API takes an arbitrary string by default. 99.999% of the…
https://blog.twitter.com/2016/the-release-of-pants-10 > Today, Twitter is excited to announce participation in the first major release of the Pants open source project: 1.0.0, an open source build tool for…
"Automate that and spend the rest of your time reviewing for things that can't be trivially automated" - pretty much the mantra behind any successful security program. A false-positive/negative is usually fixed faster…
Having used static analysis security tools for other languages, no. Ignoring the fact that it is open source, it blows away every single other tool I have used in terms of speed, accuracy, and actionability. I would…