Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Project Zero is not defensive. Infosec Twitter has both sides.

I do agree with you that defense is a large part of the industry. My perspective is even that most organizations are looking for “defense” roles. The field is very wide (e.g., folks working on cryptography to sec ops).



It is defensive, but for the best guys out there, the carrot is on offensive side. You are not getting rewarded for doing perfectly secure systems, unless you work in very big company.

It means that most of the average guys build defense, and then the best guys test them and pick the money when something is found. While we could prevent most issues if those best guys help on building the systems instead.

But they have no motivation, because they get more money from other things.


I think that you might actually observe that finding attacks on systems is common, while developing a “perfectly secure system” is much harder to do, if not impossible.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: