Comment by hnlmorg
4 hours ago
> It's because you (like me) aren't quite as paranoid as security people are.
I work heavily with security-conscious clients where vulnerabilities would be catastrophic. And we are talking high profile clients that are juicy target for attacks.
My experience is still that the vast majority of vulnerabilities are accidental rather than due to malice.
And when I say “vast”, I mean the so heavily slanted in favour of “unintended” that it’s not even comparable.
> It's really a matter of context. Security people tend to only be involved when things are already nefarious
I’m guessing you’ve not worked with many “security people”?
You’d be surprised how much of their day-to-day is mundane.
Oh i've worked with plenty. Maybe they knew more than they let on but they were (and are) convinced that every little belch is a full on attack.
I know their day to day is just as mundane as the rest of ours it's their "Step 1" approach that i've seen to be entirely different. I assume it's probably a software bug, they assume it's an exploit.