Stagg54
Posted September 8, 2020 (edited)

So we had a discussion during Virtual Coffee about malicious packages and vetting. How do we verify that code is not malicious? What might flag something as malicious?

We can use VI Analyzer to check for certain things such as:

- PW protected VIs
- Removed BDs
- Call Library Node
- .NET nodes
- Network nodes (TCP, UDP, etc)
- File I/O nodes
- Shell commands
- Run on open
- SubVIs with no icon or hidden under other objects

What should we add to that list? Also we need to be careful with the fact that people can use #vian_ignore to ignore specific tests, so maybe we need to add some randomness to naming tests to avoid that.

We will also need:

- A system for revoking or removing packages
- A way of notifying users if a malicious package is found
- Flagging packages that depend on malicious packages

Any thoughts from the community about security and package management/distribution?

Edited September 8, 2020 by Stagg54
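The three requirements at the end of the post above (revocation, notifying users, flagging dependents) can be sketched as a reverse walk over the dependency graph. This is an added example, not part of the original post or of any package manager's code; the package names and dependency map are constructed, and the function names are hypothetical.

```python
from collections import deque

# Constructed sample data: package -> direct dependencies (all names hypothetical).
DEPENDS_ON = {
    "acme_daq": ["acme_core", "string_utils"],
    "acme_core": ["tcp_helper"],
    "report_gen": ["string_utils"],
    "tcp_helper": [],
    "string_utils": [],
    "ui_theme": ["report_gen", "acme_daq"],
}

def flag_affected(depends_on, revoked):
    """Map each package that transitively depends on a revoked package to the
    shortest dependency chain leading from it to that revoked package."""
    # Invert the graph: for each package, who depends on it directly?
    dependents = {}
    for pkg, deps in depends_on.items():
        for dep in deps:
            dependents.setdefault(dep, []).append(pkg)
    chains = {}
    queue = deque((r, [r]) for r in sorted(revoked))
    while queue:  # breadth-first, so the first chain found is the shortest
        pkg, chain = queue.popleft()
        for parent in sorted(dependents.get(pkg, [])):
            if parent in chains or parent in revoked:
                continue  # already flagged; this also stops dependency cycles
            chains[parent] = [parent] + chain
            queue.append((parent, chains[parent]))
    return chains

def notifications(installed, depends_on, revoked):
    """Build one message per installed package that is revoked or affected."""
    chains = flag_affected(depends_on, revoked)
    msgs = []
    for pkg in sorted(installed):
        if pkg in revoked:
            msgs.append(f"{pkg}: REVOKED, remove it")
        elif pkg in chains:
            msgs.append(f"{pkg}: depends on revoked package via "
                        + " -> ".join(chains[pkg]))
    return msgs

if __name__ == "__main__":
    installed = {"ui_theme", "report_gen", "tcp_helper"}  # constructed
    for line in notifications(installed, DEPENDS_ON, {"tcp_helper"}):
        print(line)
```

Reporting the chain rather than a bare flag tells a user which intermediate package pulled in the revoked one, which is what they need in order to decide what to remove or pin.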