>It is outright ridiculous ( even malicious) to point to examples of bugs that were found _by 3rd party users reviewing the code_ as evidence of lack of 3rd party code review. Those "bugs" were found by third party…
I'm a senior security engineer at a FAANG. You're completely oblivious to the state of security today you think anything in my comment was naive. Please, let's continue this back-and-forth of condescension. It's really…
>No need: Yes, need. >you've just shown two good examples yourself. Bugs found by scrutinising open source software. Bugs found years after they were introduced, and not found by white hats until after black hats were…
>No it isn't. The whole notion of "defense-in-depth" generally does more harm than good IME, as it creates confusion about where the actual security boundaries are. The security departments of multiple FAANGs, not to…
I don't know how you can say this... a closed source vuln of this severity would be patched almost immediately. See: any vuln of this severity on iOS or Windows. On the contrary, log4j incident is an excellent example…
>you're wrong to think this Security engineer here. No they aren't. I'd say they are being a much more comprehensive in their security analysis by including the cons in their calculation rather than dismissing them and…
The Cloudflare blog post really only looks at wholesale cost of bandwidth and compares it to the price AWS charges. But I think it's missing a huge component of all of the magic that happens inside AWS between those two…
>It is outright ridiculous ( even malicious) to point to examples of bugs that were found _by 3rd party users reviewing the code_ as evidence of lack of 3rd party code review. Those "bugs" were found by third party…
I'm a senior security engineer at a FAANG. You're completely oblivious to the state of security today you think anything in my comment was naive. Please, let's continue this back-and-forth of condescension. It's really…
>No need: Yes, need. >you've just shown two good examples yourself. Bugs found by scrutinising open source software. Bugs found years after they were introduced, and not found by white hats until after black hats were…
>No it isn't. The whole notion of "defense-in-depth" generally does more harm than good IME, as it creates confusion about where the actual security boundaries are. The security departments of multiple FAANGs, not to…
I don't know how you can say this... a closed source vuln of this severity would be patched almost immediately. See: any vuln of this severity on iOS or Windows. On the contrary, log4j incident is an excellent example…
>you're wrong to think this Security engineer here. No they aren't. I'd say they are being a much more comprehensive in their security analysis by including the cons in their calculation rather than dismissing them and…
The Cloudflare blog post really only looks at wholesale cost of bandwidth and compares it to the price AWS charges. But I think it's missing a huge component of all of the magic that happens inside AWS between those two…