1. 20

  2. 8

    Here’s a plug for the thing I’m working on. If you want a VPN in less than 4k lines of code – small enough that you can read and understand it in a single sitting – then you might want to checkout WireGuard. It’s a relatively new project, but considerably less scary than big behemoths like OpenVPN or IPsec.

    1. 1

      Would I be able to use wireguard with something like Mullvad?

      1. 1

        Yes. If you Google those two keywords, you’ll find what you’re looking for.

        1. 1


    2. 1

      Manual reviews may still be part of the effort, but only there where automation (fuzzing) is not adequate. Some examples:

      I know he goes on to list specific things that fuzzing finds hard to find, but I personally think that it would be better to say that both fuzzing and manual code review should be used.

      1. 3

        That would not be actionable advice - of course more review in any form is better in isolation, but the question people actually have to answer in practice is where to best expend limited resources.