I like to understand what I work with, but I also like to keep my tools (like Docker container images) as close to “stock” as possible, because that way they benefit the most from the security testing and patching that others do, and make as little work for me as possible when I install upgrades.
Having said that, some tech (especially Bluetooth) is best “reinvented locally” IMO, simply because so much effort is being put into breaking Bluetooth security, and nobody really cares to break our products, but if we use Bluetooth we will be slapped with CVEs to patch constantly. So, yeah, use the Bluetooth supporting hardware, but roll your own reasonable security appropriate for your applications and get the hell out of the firehose of whack-a-mole security patches.
loudwhisper@infosec.pub 5 days ago
100% agree. But. If you are a principal engineer claiming to have experience hardening the thing, you would expect that learning to have already happened. Also, I would be absolutely fine with an “I never had a chance to dig into this specifically, I just know it at a high level” answer. Why come up with bs?
I mean, we are talking about people whose whole career was around Kubernetes, so I don’t think so?
rottingleaf@lemmy.world 5 days ago
Ah. OK. Yep, people lie in their CVs.