yep. But is it because sec professionals don't want to do the work? Or because companies don't invest in internal teams?
I don't think auto cos are being sold on it. I think lots are saying "use a bug bounty." People do what they're sold.
-
judging by the last 12mo, the experience of having vulns found is a very solid catalyst for defensive investment
-
yep. But only vulns that demonstrate safety impact so far. Others are often ignored.
-
defense in depth and potential for vuln chains are still overlooked.
-
I'm seeing a lot of movement around that atm
-
that's good to hear
-
but I agree they need to focus on the right things.. Just Bug Bounty is not the right way obviously.
-
I’m not sure. I think they understand safety very well, and seem to understand that sec+safety are not separate.