POLA Would Have Prevented the Event-Stream Incident

POLA Would Have Prevented the Event-Stream Incident by Kate Sills

This npm / event-stream debacle is the perfect teaching moment for POLA (Principle of Least Authority), and for the need to support least authority for JavaScript libraries. My talk "Securing EcmaScript", a presentation to Node Security, explained many of these issues prior to this particular incident. For LtU, my best explanation of POLA is "Verify What? Navigating the Attack Surface", given to the "Formal Methods Meets JavaScript" workshop at Imperial College.

By MarkM at 2018-12-06 03:55 | LtU Forum | Site Discussion