Comment by CuriouslyC 19 hours ago

4 replies

You're countering vibes with vibes.

If the tests aren't good enough, break them. Red team your own software. Exploit your systems. "Sitting with the code" is some Henry David Thoreau bullshit, because it provides exactly 0 value to anyone else, whereas red teamed exploits are objective.

kranner 19 hours ago

The way you come up with ideas on how to break, red team and exploit; when to do this and how to stop: that part is not objective. The machine can't do this for you sufficiently well. There is a subjective process in there that you're not acknowledging.

It's a good approach! It's just more 'negative space' than direct.

  • CuriouslyC 18 hours ago

    People who pentest spend more time running a playbook than puzzling over the logical problem of how to break a piece of software. Even a lot of zero days are more about knowing a pattern and mass scanning for it across a lot of code than playing chess vs a codebase and winning.

    • kranner 18 hours ago

      Fine, but is that the entirety of software development? It even seems a waste of time by your own reasoning if it's so automatable already.

nkohari 18 hours ago

You're over-rotating on security. Not that it isn't important, but there are other dimensions to software that benefit heavily from the author having a deep understanding of the code that's being created.