
Fast Incident Response: a cybersecurity incident management platform - based2
https://github.com/certsocietegenerale/FIR
======
tetrep
Kinda sad that a web app for managing security failures has XSS directly via
the UI (you can just copy/paste HTML into it).

I'd be extremely hesitant to put sensitive information into an application
that lacks even a basic understanding of how to secure itself.

[https://github.com/certsocietegenerale/FIR/issues/50](https://github.com/certsocietegenerale/FIR/issues/50)

~~~
andersonmvd
Although it's faster to fix an XSS than to build this very system from scratch
again. It's better to contribute rather than complain. We all should be
thankful because it is open source. Don't you agree?

~~~
toomuchtodo
Just think about the momentum open source would have if each time somebody
spent time submitting a comment to complain, they instead did a PR and fixed
the issue.

#PRsBeforeComplaints, or something like that

~~~
grub5000
That's not really viable though, is it? It's easy enough to spot flaws without
knowing how to fix them.

~~~
toomuchtodo
If you've got the skills, open a PR. If you don't, an Issue is sufficient
(unless you're demanding a feature).

------
bearbin
> FIR is not greedy performance-wise. It will run smoothly on a Ubuntu 14.04
> virtual machine with 1 core, a 40 GB disk and 1 GB RAM.

It's a simple CRUD App, why does it need a whole gig of RAM‽

Also, is there a demo site, or more screenshots than in the README?

~~~
reitanqild
requirements.txt:

    Django==1.7.6
    argparse==1.2.1
    cssselect==0.9.1
    flup==1.0.2
    lxml==3.4.2
    pymongo==2.8
    pyquery==1.2.9
    python-dateutil==2.4.1
    pytz==2014.10
    six==1.9.0
    wsgiref==0.1.2

Also I see Docker mentioned. Not sure if it is supposed to be used in
production or not.

------
56k
Why is this #4?

~~~
tshtf
Because users of HN found it interesting and decided to upvote it.

It certainly fits in with the HN Guidelines:
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

