by mcherm 526 days ago
> The reality is that bug bounty hunters are deploying a significant percentage of the total malicious NPM packages each month.

I don't actually think that is a bad thing.

The TSA screening at airports would be vastly better if TSA maintained a "red team" that regularly tried smuggling guns (or water bottles or whatever) into airports. The agents would be more attentive if the number of incidents they dealt with was large enough that they could practice more often. The system could improve if it had actual feedback on how accurate and effective it was. And instead of agents overreacting or underreacting they could tune their responses to an appropriate level.

The same applies to supply chain attacks. The REAL ones are rare, dangerous, and performed by experts; having a chance to practice catching them, to assess our detection rates, and to adjust our reactions is healthy.

1 comment

> The TSA screening at airports would be vastly better if TSA maintained a "red team" that regularly tried smuggling guns

They actually do have this. TSA seem to still suck at their job:

https://www.forbes.com/sites/michaelgoldstein/2017/11/09/tsa...

https://www.gao.gov/products/gao-19-374

You'd also suck if you knew your job was useless busywork.