Vulnerability research doesn't have the same "known payoff" quality that CTF problems possess.
And CTF problems tend to inadvertently signal a 'correct' methodology in a way that real software doesn't.
@benhawkes You're not hiring them for the bugs they've found, but rather for autodidactism, low-level interest, demonstrated skill, etc.
@ebeip90 Right, right. But does any of this necessarily translate to future success in attack research? I'm uncertain. Maybe it does.
@benhawkes For vuln research, they’re very good as the top of the funnel, and as a strong bozo filter.
@benhawkes the thing it isn't teaching is multi-week persistence; but generally it is better than all alternatives I know.
@benhawkes Agreed. There is zero barrier for them to switch to basic vulndev or write 1-day exploits, not sure why they tend to avoid that
@benhawkes Would you rather have jr w/ a dozen CVEs in fairly crap software/unable to write full bypass exploits, or decent CTF exploiter
@benhawkes My issue's always been that it limits the pipeline to those available full weekends and willing/able to stay up 48 hours straight
@natashenka @benhawkes isn't that great. You work Mo-Fr and the new hires Sa+So nonstop