Message-ID: <20230319135946.GA20983@openwall.com>
Date: Sun, 19 Mar 2023 14:59:46 +0100
From: Solar Designer <solar@...nwall.com>
To: Georgi Guninski <gguninski@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: First result on google promotes insecure coding (XSS)

On Sun, Mar 19, 2023 at 03:05:24PM +0200, Georgi Guninski wrote:
> Does the so called security "community" plan to reduce teaching
> insecure code?

Georgi, are you part of the community? Do you have a plan you're going to follow yourself or/and recommend to others? If so, please share it.

It's easy to distance yourself from the community and criticize it, or to claim there isn't a community like you seem to imply by the quotes. It's more effort to be part of the community and actually do things.

Sometimes this involves figuring out the author's contact address (not always straightforward or reasonably possible at all) and asking them to make an edit. Other times the content is on a forum where you can add a comment, e.g. StackOverflow. Have you contacted the site in question and suggested an edit to them?

There's no systematic effort like this that I'm aware of - maybe there should be. Maybe it should be funded. Maybe it should focus on top search engine hits for a curated list of relevant search queries.

Another approach is to write higher-quality tutorials that may become the new top hits. For example, I wasn't into PHP at all, but I wrote and submitted "How to manage a PHP application's users and passwords" to Stefan Esser's Month of PHP Security in 2010 and it's been up on the Openwall website since. While it's quite dated now, I think it helped at the time and for a while.

Alexander