Gal Shpantzer · Dec 27, 2017 · 7:09 PM UTC

Gal Shpantzer

Gal Shpantzer @Shpantzer

27 Dec 2017

If you are in information security, and you say things like “the user is the last line of defense...” you’re in serious, long term trouble. It should not be the case that your users are your last line of defense. Discuss.

102

Bil Corry · Dec 28, 2017 · 2:59 PM UTC

Bil Corry · Dec 28, 2017 · 2:59 PM UTC

Bil Corry @bilcorry

28 Dec 2017

Replying to @Shpantzer @shehackspurple

Startup idea: hire users that really ARE your last line of defense. Oh wait, that’s big bounty, never mind.

Dec 28, 2017 · 2:59 PM UTC

Gal Shpantzer · Dec 28, 2017 · 3:19 PM UTC

Gal Shpantzer @Shpantzer

28 Dec 2017

Replying to @bilcorry @shehackspurple

Bug bounties in theory help you find valid and valuable vulnerabilities. You still have to do a LOT of work to triage them and etc. And those are almost universally server-side, not client-side, where the... users are.

Tanya Janca · Dec 28, 2017 · 3:10 PM UTC

Tanya Janca

@shehackspurple

28 Dec 2017

Replying to @bilcorry @Shpantzer

😜