
Making OpenSource software more secure using Kafel and Dependency Analysis - entelechy
https://github.com/LoopPerfect/buckaroo/issues/127
======
entelechy
I think this is a big issue in the open-source ecosystem.

It's hard to reason about the security implications of pulling in a dependency
to your project.

There is not enough documentation about what OS features a library requires
and what behavior should be considered as an anomaly.

Why is software hardening not an established practice?