voxpelli, The monetization of the software security business is getting out of hand.
Security issues get invented or made up to satisfy budgets and growth or fame and bug bounties.
This reminds me of the more valid, but for most devs rarely relevant, ReDoS security issues that feel like they make up 2/3 of all npm security reports nowadays, causing such alert fatigue that pretty much all issues are shrugged away as being “theoretical DoS” rather than “may get hacked” https://mastodon.social/@bagder/111963196675992402