voxpelli, @voxpelli@mastodon.social

The monetization of the software security business is getting out of hand.

Security issues get invented or made up to satisfy budgets and growth, or fame and bug bounties.

This reminds me of the more valid, but for most devs rarely relevant, ReDoS security issues that feel like they make up 2/3 of all npm security reports nowadays, causing such alert fatigue that pretty much all issues are shrugged away as being “theoretical DoS” rather than “may get hacked” https://mastodon.social/@bagder/111963196675992402
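To make the ReDoS category concrete, here is an added example that is not part of the thread: a hypothetical address validator of the kind that gets reported against npm packages, next to the hardened form. The pattern, the `example.com` domain, the `MAX_LEN` cap and the attack string are all assumptions made for this illustration. The vulnerable regex has a nested quantifier, so on an input that almost matches, the engine tries exponentially many ways to split the letters between the inner and outer loops before it fails; the hardened version removes the overlap and bounds the input length before the regex runs.

```javascript
// Added example (not from the thread). Runs on Node.js, no dependencies.

// Hypothetical validator of the kind that gets a ReDoS report: the nested
// quantifier in ([a-z]+\.?)+ lets a backtracking engine partition a run of
// letters in 2^(n-1) ways before concluding there is no '@' after them.
const VULNERABLE = /^([a-z]+\.?)+@example\.com$/;

// Hardened: same language, but every character has exactly one branch that
// can consume it (letter runs are separated by mandatory dots), so the engine
// backtracks linearly. MAX_LEN is an assumed cap applied before matching.
const MAX_LEN = 254;
const SAFE = /^[a-z]+(\.[a-z]+)*\.?@example\.com$/;

function isLocalAddrVulnerable(s) {
  return VULNERABLE.test(s);
}

function isLocalAddrSafe(s) {
  // Cheap guard first: a length cap bounds the work any regex can do.
  if (typeof s !== 'string' || s.length > MAX_LEN) return false;
  return SAFE.test(s);
}

// Constructed attack input: n letters followed by a character that can never
// match, which forces the full backtracking search on the vulnerable pattern.
function attackInput(n) {
  return 'a'.repeat(n) + '!';
}

function timeMs(fn) {
  const t0 = process.hrtime.bigint();
  fn();
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Prints how the cost grows with n; only run when executed directly.
function demo() {
  for (const n of [14, 16, 18, 20]) {
    const evil = attackInput(n);
    const tv = timeMs(() => isLocalAddrVulnerable(evil));
    const ts = timeMs(() => isLocalAddrSafe(evil));
    console.log(`n=${n}: vulnerable ${tv.toFixed(2)} ms, hardened ${ts.toFixed(3)} ms`);
  }
}

if (typeof require !== 'undefined' && require.main === module) demo();
```

Each extra letter roughly doubles the vulnerable pattern's running time, while the hardened one stays flat. Note the precondition that makes this an actual finding: an attacker has to control the string and the regex has to run on a thread that other users share (a Node.js request handler, for instance). A CLI that only ever sees its own config file is the “theoretical DoS” case the post describes.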

robinwhittleton, @robinwhittleton@front-end.social

@voxpelli only ⅔rds? I wonder if the current swing back towards better tooling and managed languages will cause fewer payouts overall, further splitting the industry into chancers and senior experts.

voxpelli, @voxpelli@mastodon.social

@robinwhittleton Fewer payouts will mean more desperation and even more inventive ways to file CVEs.

“Your web component is susceptible to a timing attack if closely tied to a password store”

I wonder if the CVE system will survive the gold diggers and what other system can be used for actual critical vulnerabilities.
