The sad truth is that it pays more to find vulnerabilities than to write secure code in the first place... #SSTIC keynote by @aionescu on the dev shortage to write secure code. pic.twitter.com/2VhsEzlAK1
-
Finding vulnerabilities isn't just rewarded more with $$ but also industry recognition. Even at Google we have an external page thanking bug finders but nothing thanking the teams that fix them. After all, the purpose of hunting bugs is to fix them. :-) But such is life.
-
Pwnie awards for defensive work! @dinodaizovi
-
I'm actually *not* in favor of that. @PwnieAwards are for offense. Hence the word pwn in there. I'm all for defense recognition, & I'm ok being overruled by fellow judges of the Pwnies, but there should be different awards for defense, IMO.
-
Okay, that works too! :)
-
But what to call the defense awards? 'FenderBenders? DefenseWon? ProtectoRazzies?
-
Mitigators? And have the trophy be a model of @halvarflake's mitigator..?!
-
I do like Miti-Gators.
-
Oh dear lord yes
-
This is going to continue until those running / profiting from insecure code are held financially to account.