Security Static Code Analysis

Hi, did you take into consideration using available static code security analysis tools to automatically discover vulnerabilities in code? Most of them are free and integrated with Github, so they can even create tasks/issues to fix open gaps in code.


List of others

If you are asking about a security analysis of Tendermint and the Cosmos-SDK, multiple third party assessments have been done of those code bases – I would assume that those third parties were using either these tools or ones like them to catch the low-hanging fruit. Of course, each of those assessments was a point-in-time event, so your point still has merit from a continuous integration / assessment perspective. Having chatted a good deal with the security team at Tendermint (AIB), I would expect that they are doing something to this end.