by wslh 892 days ago
No, that is in general the issue with security bounties. They attract mainly people who have enough time for trial and error, and/or prior domain expertise, and/or are extremely smart in specific software. Nowadays cybersecurity is a vast field, and it is not the same to be a white hat hacker specialized in Google Chrome issues as one specialized in iOS. Not saying it cannot be the same person, but the amount of time required to catch issues is long.

I think supply chain attacks are not being taken very seriously. Think that people working, for example, in Python or JavaScript use pip or npm daily, no matter whether they work for a nuclear agency or your uncle's bar.