Overheard: "create tooling that kills all classes of vulnerabilities"
- @leolukde
who's in?
Indeed! Finding individual bugs is great, but systemic risk reduction requires eliminating entire classes of vulnerabilities. Has been true for a long time - some like @paxteam have been preaching it for decades. Took a long time for the industry to accept it... (1/2)
what i've been really 'preaching' (more like, showing by example :) is about stopping classes of exploit techniques, not so much fixing bug classes per se (it happened on the sidelines). the latter is harder 'cos there're much more of them than exploit techniques.
Feb 6, 2022 · 1:28 PM UTC


