• jkrtn@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    9 months ago

    You’re correct. And I don’t think we are armchair coding. We know proper security is so hard that even experienced developers can write code vulnerable to something like a timing attack. But sending secure data to unvalidated input isn’t a minor slip up that could happen to anyone. They are either unaware of or not bothering with good practices.