Hacker News
by tptacek 376 days ago
But that's exactly what people were saying about fuzzer farms in the mid-2000s, in the belief that artisanal audits would always be the dominant means of uncovering bugs. The truth was somewhere in between (it's still humans, but working at a higher layer of abstraction than they were before) but the fuzzer people were hugely right.

If you can reliably get x% lucky finding vulnerabilities for Y$ cost, then you simply scale that up to find more vulnerabilities.


I don’t recall anyone saying anything of the sort back then about fuzzing? Back then you could run the most basic fuzzer and find tons of bugs! Where did you see people complaining about fuzzers??
If you go digging through the blogosphere of the time you'll turn it up. I feel like this is ~2006?
Bro in 2006 there wasn't any blogosphere. You had IRC.. I can’t find anything of the sort and do you have a link to this discovery that you say was made via LLM?
Bro, I've been a practitioner since 1996 and ran a fucking security blog in 2006.
Unless the blog was Phrack, you shouldn't be surprised I never heard of your blog unless it is something you think I would know.. This stuff didn't have such a public community back then like it does now..
I don't understand what you're trying to say here. I'm not surprised you didn't know about the blog; you appear not to believe blogs existed in 2006.

I want to stop being elliptical and just say directly: you have strange and counterfactual ideas about the security research community of the mid-aughts. 2006-2008 was the height of the security blogosphere. This stuff definitely had a huge community.