NebLem

Hopefully more projects take advantage of vulnerability scanning and monitoring tools like those in this OWASP list https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools, have good code quality standards to make their projects easier to understand and evaluate, contribute and respond to CVE reports, and get third party security auditing.

All of that is hard to motivated those throwing their code out to the world only to share how they scratched their itch to perform. I think we need a combination of governments and non-profits providing incentives / grants to projects doing good practices, document and provide trusted a forum to validate vulnerabilities, give some backing to “trusted” frameworks, and provide some vulnerability and auditing themselves.

The recent EU push into more government open source usage will help as they will be more incentivized to secure the pipelines and everyone will benefit the fruits of that firehose of funding.

I’m not aware of any way to do that, but that sounds neat!

Even if that type of filter isn’t added to lemmy server, it’d be awesome on a client.