Fixers are reacting, sure, but they're probably reacting to far more vulnerabili... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

cperciva on July 5, 2012 | parent | context | favorite | on: So You Want to Be a Security Expert

Fixers are reacting, sure, but they're probably reacting to far more vulnerabilities than any one breaker could find. And reacting doesn't mean that you can't be leading -- it's entirely possible for someone to say "gee, OpenSSL seems to have lots of security vulnerabilities, maybe we should avoid using OpenSSL" and thereby pre-emptively immunize themselves against a wide range of yet-to-be-discovered breaks.

As for me being a breaker... I'd say that my security-related time is split roughly 90% building, 9% fixing, and 1% breaking.

tptacek on July 6, 2012 [–]

That's how you spend your time now.

cperciva on July 6, 2012 | [–]

No, that's how I spent my time when I was FreeBSD Security Officer. Now there's more building.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact