@bagder I remember when I was at Red Hat I did a thought experiment: what is the minimal amount of work an attacker could do to cause the maximum amount of effort by a security team?
This was over 10 years ago, and a lot of what we were experiencing and what I came up with back then is now trivial for attackers thanks to these LLMs.
And the problem is you can’t have a skill testing question or something because occasionally somebody will find a gem in the rough and report it, and risk of missing that is seen as not acceptable by most people.
I don’t know what the future holds for open source security reporting, but I have a suspicion. Things are gonna have to change in the next few years. People are going to get burnt out.
Edit: for readability