secure-sw-dev-fundamentals

Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG) (by ossf)

secure-sw-dev-fundamentals reviews and mentions

Posts with mentions or reviews of secure-sw-dev-fundamentals. We have used some of these posts to build our list of alternatives and similar projects.
  • “Invalid Username or Password”: a useless security measure
    1 project | news.ycombinator.com | 23 Nov 2022
    Exactly, if you reveal that an account exists when you just type in an email address, then you have a privacy failure and probably a security failure.

    For example, the OpenSSF's secure software development fundamentals course <https://openssf.org/training/courses/> in its section on minimizing feedback <https://github.com/ossf/secure-sw-dev-fundamentals/blob/main...> says:

    * If a user tries to create an account using an email address, don't tell the user if an account with that email address already exists. Similarly, if a user tries to do a password reset using an email address, don't tell the user if there is no account with that email address. Providing that information would allow an attacker to determine if a specific email address is being used (or not) by some existing account.

    Now for the unpopular take: not everyone lives in the US. The GDPR requires protection of personally-identifying information, and in many cases that includes email addresses that identify individuals. There are exceptions, but it's typically better to keep email addresses private unless the user specifically authorizes it.

Stats

Basic secure-sw-dev-fundamentals repo stats
1
156
5.9
13 days ago

ossf/secure-sw-dev-fundamentals is an open source project licensed under Creative Commons Attribution 4.0, which is not an OSI-approved license.

The primary programming language of secure-sw-dev-fundamentals is CSS.
