Commit

readme: Rust enables our Security goal
[skip ci]
jqnatividad committed Oct 16, 2023
1 parent 036b04a commit 3d38150
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -322,7 +322,7 @@ Luau will also serve as the backbone of a whole library of **qsv recipes** - reu
* **As Portable as Possible** - qsv is designed to be portable, with installers on several platforms with an integrated self-update mechanism. In preference order, it supports Linux, macOS and Windows. See [Installation Options](#installation-options) for more info.
* **As Easy to Use as Possible** - qsv is designed to be easy to use. As easy-to-use that is,
as command line interfaces go :shrug:. Its commands have numerous options but have sensible defaults if a user does not want to use options. The usage text is written for a data analyst audience, not developers; and there are numerous examples in the usage text, with the tests doubling as examples as well. In the future, it will also have a TUI (Terminal User Interface) mode.
* **As Secure as Possible** - qsv is designed to be secure. It has no external runtime dependencies, and it's codebase is regularly audited for security vulnerabilities with automated [DevSkim](https://github.com/microsoft/DevSkim#devskim) and ["cargo audit"](https://rustsec.org) Github Actions workflows. It has an extensive test suite with more than 1,200 tests, including several [property tests](https://medium.com/criteo-engineering/introduction-to-property-based-testing-f5236229d237) which randomly generate command-line parameters for oft-used commands. It also has a [Security Policy](SECURITY.md).
* **As Secure as Possible** - qsv is designed to be secure. It has no external runtime dependencies, is [written in Rust](https://www.linkedin.com/pulse/unlock-security-performance-embrace-rust-programming-revolution/), and it's codebase is regularly audited for security vulnerabilities with automated [DevSkim](https://github.com/microsoft/DevSkim#devskim) and ["cargo audit"](https://rustsec.org) Github Actions workflows. It has an extensive test suite with more than 1,200 tests, including several [property tests](https://medium.com/criteo-engineering/introduction-to-property-based-testing-f5236229d237) which randomly generate command-line parameters for oft-used commands. It also has a [Security Policy](SECURITY.md).
However, it does not use cryptographically secure random number generators as the performance penalty is too high and the qsv's use cases do not require it.
(search for the codebase for *"[//DevSkim: ignore DS148264](https://github.com/search?q=repo%3Ajqnatividad%2Fqsv+%2F%2Fdevskim&type=code)"* to find instances where qsv uses a non-cryptographically secure random number generator)
* **As Easy to Contribute to as Possible** - qsv is designed to be easy to contribute to, with a focus on maintainability. It's architecture allows the easy addition of self-contained commands gated by feature flags, the source code is heavily commented, the usage text is embedded, and there are helper functions that make it easy to create tests. See [Features](docs/FEATURES.md) and [Contributing](CONTRIBUTING.md) for more info.
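Review bot: On the changed "As Secure as Possible" bullet, the new "written in Rust" claim is backed only by a LinkedIn article link and does not say which security property the language choice provides. Suggest naming the property in the sentence itself (for example memory safety) and linking to a primary reference, so the claim is as checkable as the DevSkim and "cargo audit" items next to it. Since the line is being edited anyway, "it's codebase" should be "its codebase" and "Github Actions" should be "GitHub Actions"; in the unchanged context below it, "search for the codebase" reads better as "search the codebase" and "the qsv's use cases" as "qsv's use cases".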