This Thanksgiving, let's thank the preventers.

Ever since LinkedIn changed their recommendation algorithm this month (Is it AI now?), my feeds have become less informative (for lack of better words) with posts that are either political statements (Why? We have X already for that!) or even more dangerous ones - posts that boast about new CVEs!

"Hey, look at me. I filed a CVE and got paid $500."
"I clicked a button on burp and filed a CVE on H1. Mom, I'm a security researcher now!"

We have created a system where we reward the bounty hunters and their tools after insecure things get released and the snake is already out.

Snake hunter with a tool
What about the people who write secure code, implement secure pipelines, or configure infrastructure correctly so that the vulnerabilities never get into production environments? What about the authors of popular tools and linting plugins that prevent vulnerabilities such as SQL Injection and XSS from ever being added in the first place? How much are they earning at $500 per CVE NOT CREATED?

These are the preventers. Like defenders, hunters, and testers, they play a crucial role in helping us sleep peacefully.

Let's thank the preventers this Thanksgiving!
