Bad security pratices in manifests

[Lucas Augusto Mota de Alcantara]

Hello everyone!

Recently, I've found an academic research about bad coding practices in
manifests which can lead to security issues. I found it interesting, but I
notice that the practices that the researchers pointed out aren't specific to
Puppet nor even to infrastructure as code applications. So I wonder if is there

any material available, specially to the newcomers, talking about bad practices

in manifests, specially about the ones that can lead to security weakness.

The research was this one: https://ieeexplore.ieee.org/document/8812041

Does anyone knows about the existence of such material?

[Dan White]

As one needs to be a member of IEEE to read the paper, it is tough to provide feedback. 

—————————————————————————————————-

"Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us."

Bill Waterson (Calvin & Hobbes)

On Jul 17, 2020, at 1:43 AM, Lucas Augusto Mota de Alcantara <la...@cin.ufpe.br> wrote:

Hello everyone!

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c282c833-95f2-4d1d-9b58-7b5ce1fb16dcn%40googlegroups.com.

[Lucas Augusto Mota de Alcantara]

I'm sorry, here is a public link: https://akondrahman.github.io/papers/icse19_slic.pdf