Holden Oullette
Linting, code patterns, security anti-patterns, SAST all run in similar circles - I believe there are some things you could implement in your linting practices that could have an effect...
I think it would be interesting to introduce either a full module for Cryptography or have it be a dedicated lesson within an existing module. I lean towards having it...
We should continue rounding out what is included from the EEF's research into the module for Elixir Security and add the "Deployment Hardening" lesson. Relevant Resource:
- https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/deployment_hardening
We should continue rounding out what is included from the EEF's research into the module for Elixir Security and add the "Spawning External Executables" lesson. Relevant Resource:
- https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/external_executables
We should continue rounding out what is included from the EEF's research into the module for Elixir Security and add the "(De-)Serialization" lesson. Relevant Resource:
- https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/serialisation
We should continue rounding out what is included from the EEF's research into the module for Elixir Security and add the "Protecting Sensitive Data" lesson. Relevant Resource:
- https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/sensitive_data
I think it would be helpful to introduce the Zero Trust Model to the Secure SDLC module as a lesson and how it can be extrapolated into Elixir-land Relevant Resources:...
I would love to see a lesson within the Secure SDLC module surrounding Defense in Depth. Relevant Resources:
- https://csrc.nist.gov/glossary/term/defense_in_depth
- https://www.fortinet.com/resources/cyberglossary/defense-in-depth
- https://en.wikipedia.org/wiki/Defense_in_depth_(computing)
We should create a new detection for the vulnerability that was patched in the Phoenix 1.3.5, 1.4.18, 1.5.14, and 1.6.14 releases - this could be done somewhat similarly to how...
It would be helpful to build a performance testing suite for Sobelow to A) establish a baseline for performance B) monitor how feature changes affect scanning performance. We would most...