GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Josh Bressers (joshbressers@infosec.exchange)'s status on Friday, 22-Nov-2024 02:29:20 JST

    The most effective security efforts are lists of vulnerabilities that minimally change every time they are updated

    This was meant to be a joke, but then I realized it's also true

    • Darakian (darakian@fosstodon.org)'s status on Friday, 22-Nov-2024 08:31:29 JST

      @joshbressers What's your criteria for "effectiveness"? 👀

    • Josh Bressers (joshbressers@infosec.exchange)'s status on Friday, 22-Nov-2024 08:31:29 JST
      in reply to Darakian

      @darakian

      The two obvious lists that get the most attention are the OWASP Top Ten and this new list from MITRE

      Then when I realized they probably ARE the most effective lists around, it made me sad

    • Josh Bressers (joshbressers@infosec.exchange)'s status on Friday, 22-Nov-2024 08:37:42 JST
      in reply to Darakian

      @darakian

      In the case of any list, if you're actually doing it right, things should be dropping off the list

      I'm not sure anything has ever really come off any security list because an effort was made to get rid of it

      Maybe if CISA's push to stop using memory unsafe languages, in 200 years, we can remove buffer overflows :P

    • Darakian (darakian@fosstodon.org)'s status on Friday, 22-Nov-2024 08:37:43 JST

      @joshbressers I sorta meant more "how do you measure it?". Even if "measure" is hand wavy

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.