Comment by kranner 18 hours ago

The way you come up with ideas on how to break, red team and exploit; when to do this and how to stop: that part is not objective. The machine can't do this for you sufficiently well. There is a subjective process in there that you're not acknowledging.

It's a good approach! It's just more 'negative space' than direct.

CuriouslyC 17 hours ago

People who pentest spend more time running a playbook than puzzling over the logical problem of how to break a piece of software. Even a lot of zero days are more about knowing a pattern and mass scanning for it across a lot of code than playing chess vs a codebase and winning.

  • kranner 17 hours ago

    Fine, but is that the entirety of software development? It even seems a waste of time by your own reasoning if it's so automatable already.