Hacker News
by Fabricio20 1601 days ago
I'm still glad the DELETE thing works. I've reported these a few times with a complete writeup to Discord and all I got was a ticket being auto-closed after a month and the webhooks+servers still being up. I personally no longer bother reporting, just straight delete the webhook to stop the spread. Makes you wonder what their security/support team is doing with all those tickets.

They may not have one, or have one that’s so underwater with larger issues that the rest of the org doesn’t know how to route things to them.

Hiring for technical security is hard—you need engineering expertise to find good people, and then you need someone with an infosec background to vet them.

Finding a combination of both is surprisingly rare and you usually find infosec folks who can define but not implement a security program, or an engineer that can implement a security program with no idea how to run or grow it.

I need more peers in this space. If you’re reading this and are a software engineer looking for a transition please do reach out—email is in my profile. There’s a huge demand for security engineers and not nearly enough engineers interested in doing it.

How do you mean? Do you mean infosec people usually don't have degrees?

That depends entirely on their backgrounds. I myself do not. The status quo here isn’t too different than anywhere else in the tech sector.

Many security engineers transition into infosec from related fields like IT, DevOps, Network Engineering, Product Engineering, or similar. This tends to work out well since security engineers work closely with all of those areas within an organization.

Discord's fraud and malware response is too simplistic to work

Somebody using my email for a discord acct without verification? Sure, go ahead (but I got the "verify your account" emails)

Then I "forget" the acct password, bam, account locked.

Which is fine by me, since I don't use that email with discord, still...