Alex loves repeating this, but there are two problems with his observation. 1/ The reality is that the distribution of effort lines up *really* closely with his pyramid. The volume of discussion doesn't reflect that, because phishing isn't news. https://twitter.com/Kym_Possible/status/1187414505287864321 …
Right, few of us are going to read new articles about phishing, it's already well understood, documented... and boring. So long as the distribution of effort is about right, why does it matter?
I honestly don't think distribution of effort is anywhere close to about right.
What percentage of people should be working on side-channel research? I would guess maybe a few dozen people are working on it, whereas hundreds of thousands are working on abuse, operations, phishing, malware, etc. How much lower can we go?
End of conversation
Also research shouldn't solely focus on already known attack vectors. Whole bug classes were eliminated because people thought out of the box and searched for new vectors. Research is most effective if unrestricted, not if everybody focuses on the same three attacks.
Just because they are exotic, doesn't mean they don't have real impact on a subset of people. We should strive for an overall secure ecosystem, not one where only the average vanilla user / org is secure.
End of conversation
Valid critique. I guess the takeaway is that maybe this wasn't the audience that needed to hear this talk? When the audience is more public/undergrads/up and comers, it tends to be valuable to hear that you shouldn't spend 90% of your time worrying about NSO Group.