|
|
|
|
|
|
by lizard
911 days ago
|
|
|
> cybersecurity is unique in the sense that you're dealing with intelligent adversaries I disagree with this on the grounds that normal software engineering is dealing with intelligent adversaries as well. They may not be "adversarial" in the sense they are maliciously trying to _break_ the code, but if it is successful in performing _some_ work they will attempt to use it to perform other work as well, whether it was intended to or not. But, what the author seems to be saying here is that a "vulnerability" is just a fancy word for a bug that is not inherently more significant than a crash or outage (where the vulnerability may not be available to exploit anyways). The suggest that cybersecurity teams may be more successful by integrating with the pipelines developers and SREs already have for dealing with issues (including critical ones) than interrupting their work and trying to assert how much more important cybersecurity is. |
|
|