@sri @jacobwm Speaking of code audits, just saw this announced: Google's vulnerability scanner making use of OSV.dev:
https://venturebeat.com/security/google-releases-vulnerability-scanner-for-open-source-software-backed-by-community-editable-database/
#codeAudit #vulnerabilityScanner #floss #security
I've never used or looked at Mastodon before this, but if I were auditing this, I'd be logging the bio URL verification as an SSRF and DDoS amplification vector, as well as making some comments on some of the shortcomings re: validation, depending on how much the green check was valued.
#Consultant #codeaudit #ddos #ssrf #goofing
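The bio URL check discussed in the post above, as an added example that is not part of the original thread or of Mastodon's code: the SSRF guard a profile-link verifier would run before fetching a user-supplied URL. It assumes https-only targets and an injectable DNS resolver (so it can be exercised offline); the names `rejection_reason`, `blocked_address?` and `BLOCKED_RANGES` are my own.

```ruby
# Added example, not Mastodon's code: SSRF guard for a profile-link verifier.
# Assumes only https targets are accepted; the resolver is injectable so the
# check can be exercised without network access.
require "ipaddr"
require "resolv"
require "uri"

# Address space a server-side fetcher must never be steered into.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4
  ::/128 ::1/128 fc00::/7 fe80::/10 ff00::/8 64:ff9b::/96
].map { |cidr| IPAddr.new(cidr) }.freeze

def blocked_address?(ip_str)
  ip = IPAddr.new(ip_str)
  # ::ffff:10.0.0.1 is the same host as 10.0.0.1; check the embedded IPv4.
  ip = ip.native if ip.ipv6? && ip.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.include?(ip) }
rescue IPAddr::InvalidAddressError
  true # unparseable input never passes
end

def ip_literal?(host)
  host.match?(Resolv::IPv4::Regex) || host.match?(Resolv::IPv6::Regex)
end

# Returns nil when the URL may be fetched, otherwise the reason for rejection.
# Re-run this on every redirect hop, and have the HTTP client connect to the
# address validated here rather than resolving the name a second time
# (otherwise a rebinding DNS answer defeats the check).
def rejection_reason(url, resolver: ->(h) { Resolv.getaddresses(h) })
  uri = URI.parse(url)
  return "scheme must be https" unless uri.is_a?(URI::HTTPS)
  return "userinfo not allowed" if uri.userinfo
  host = uri.hostname.to_s
  return "empty host" if host.empty?
  # The profile owner controls DNS for their own domain, so every answer,
  # not just the first, must lie outside the blocked ranges.
  addrs = ip_literal?(host) ? [host] : Array(resolver.call(host))
  return "unresolvable host" if addrs.empty?
  bad = addrs.find { |a| blocked_address?(a) }
  bad ? "resolves to blocked address #{bad}" : nil
rescue URI::InvalidURIError
  "unparseable URL"
end
```

The amplification side of the post's point (per-target rate limits, a redirect ceiling, and body-size and time caps on the fetch) belongs in the HTTP layer and is not shown here.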