Why I don't write exploits*: https://addisoncrump.info/important-information/why-i-dont-write-exploits/
In which I describe why I avoid writing exploits at all costs.
[#]testing #defense #vulnerability #academia #research
=> More informations about this toot | More toots from addison@nothing-ever.works
@addison The executives who control the money that the engineers need to spend in order to fix things do not always understand the implications of an ASan report, or even of a harmless PoC. Sad, but true. Often, not even other engineers do. Sad, but still true. Working exploits contributed greatly in getting us out of the dark ages, and I'm not excited about going back.
No defender sides with the NSO Groups of the world. Yet to be effective, we sometimes, rarely, do need to handle hazmat.
=> More informations about this toot | More toots from fugueish@wandering.shop
@fugueish @addison yes. A demo works wonders sometimes. "Open this page to open calculator" is hard to argue against.
=> More informations about this toot | More toots from freddy@security.plumbing
text/geminiThis content has been proxied by September (3851b).