Stupid fucking client force us to deploy our nodejs codebase on windows server fucking 2016 because that the only version their security team has audited, and in their word: "open source oses like linux are more vulnerable because anyone can contribute????"
I fucking hate digital transformation projects with a passion because of stupid fucking client with their stupid fucking red tape problems

Heh... I have a project that has been on AWS for a year of dev already. The main API it runs on? Also on AWS. The IoT features? Also on AWS.

Clients plan is to launch on Azure.

Their audit can't have been anything other than a surface level check list of features - or maybe they misunderstood when their team said they used the windows audit tool (lol). The Windows XP code was "leaked" (probably by microsoft to force legacy upgrades) after 20 years and we still haven't audited even that version of windows - there's no reason to do so now. How can you audit proprietary black boxes? You can't. You can only audit the observable effects. Tell them that they are stupid to believe that a company's small development team is so smart that they've stumped all hackers in the world. Tell them that less eyes on a project is a proven net negative. Most of all, ask them if their security team gave them the idea that open source is more vulnerable - and if so, fire them.

@comfycoding the fact that non tech companies still vastly use windows xp - 7 and outdated microsoft office just really show that these ppl actually don't give a shit about security, they just don't wanna use something they are not familiar with.

@antran22 yea that's a big part of it I'm sure

run a linux VM on thier windows server :)

Modern problems !

@comfycoding If you are a government or a company with >10,000 people you can get the Windows source code for auditing purposes + reproducible build verification.
But I somehow doubt the company is that large.

@sbiewald oh that's interesting, thanks!