.@csoghoian I train unspecialized CS undergrads to write PLA+ grade exploits in 8 weeks. It takes decades to become a nuke scientist.
@dguido What @csoghoian is describing is not that farfetched either. Happened to Richar Holmes, Leonid Strachunsky, probably Gerald Bull
@daniel_bilar @csoghoian It's silly. Exploit dev is not the limiting factor. 1000s of potential recruits can dev the needed access tools.
@daniel_bilar @csoghoian We previously did analysis on Chinese "broken arrows" and estimated < 2 weeks of dev time for a junior resource.
@daniel_bilar @csoghoian You can see more details here for one of the largest sources of 0days in China: https://blog.trailofbits.com/2013/05/13/elderwood-and-the-department-of-labor-hack/ …
@dguido @csoghoian Ah ok, I see now what you mean. Thanks for this pointer, I appreciate, I'll check it out.
End of conversation
New conversation
@dguido @csoghoian I can believe that undergrads can be taught in 8 w. But that does not make them scientists, just techs, maybe jr. sw engs
@daniel_bilar @csoghoian doesn't matter. 8 weeks is good enough to write exploits that break into @kaspersky.
Tweet unavailable
@4Dgifts @dguido @csoghoian In 8 weeks?
@daniel_bilar @4Dgifts @csoghoian definitely, but just the exploit piece. Software security sucks man, not sure if you're aware lol.
@daniel_bilar @4Dgifts @csoghoian note for Chris, you'll get more bang for your buck if you focus efforts supply-side (the insecure sw)
End of conversation
New conversation
@dguido @csoghoian My point was that PLA+ training you are describing is turning CS undergrads into techs/engineers not scientists.