Lots of people using "sparse" vs "dense" to reason about vulnerability research recently, but I'm not convinced that it's a useful exercise
@benhawkes this is easy to grasp when you look at sw written against a spec, like FTP. It's just "done" at some point.
@dguido I'd add that thoughtful compartmentalization can give a defensible (limited+stable) attack surface even where dev velocity is high.
@dguido Primarily I just wanted to unpack the "bugs are dense so VR doesn't matter" idea into something that can be concretely debated.
@benhawkes yeah that's a silly thing to say, even though bug finding has been over emphasized as a defense. IMHO stems from offense envy.
@dguido @benhawkes bug finding is overrated as a defence (obvs not completely useless), but fetishizing bugs is an industry wide problem