zod000 | a day ago
Requiring a sandwich bill of materials for sandwiches will likely end up with not getting many sandwiches, but this was a fun (to me) link. Thanks for sharing.
[OP] asteroid | a day ago
I laughed. I thought you might, too!
chocobean | 20 hours ago
> Post-incident analysis revealed that 94% of affected sandwiches had no lockfile and were resolving eggs to latest at assembly time.
I want to ~~eat~~ inspect these 6% of sandwiches with a lockfile
This was my favourite bit:
> CVE-2019-SPROUT: Alfalfa sprouts were found to be executing arbitrary bacteria in an unsandboxed environment. Severity: High. The vendor disputes this classification.
moocow1452 | 16 hours ago
Ugh, sandwich licenses. Why do I need to open up the sandwich and check third party sources so I can put Sriracha sauce on myself when I can just pay for a sandwich that has brand name Sriracha at the proprietary shop down the road? And I know about OpenHot and Yet Another Spicy Sauce, they just don't fit my use case. /j
pete_the_paper_boat | 10 hours ago
YASS would probably do well on brand recognition alone
HiddenTig | 16 hours ago
Stupid things broke - I tried to compile a hotdog and it crashed despite meeting spec requirements.
moocow1452 | 9 hours ago
Works on my end, try a previously unused kitchen?
sorkceror | 10 hours ago
This is great, thanks for sharing!
tanglisha | 4 hours ago
I love this!
SBOMs are such a great idea, but always felt hopeless to me because of dependency chains.
Add that to vulnerability scanners that complain about everything right down to the language you're using and defenestration seems like the best option.