undefined | Better HN

0 pointsfalcolas10y ago0 comments

Understanding how to hack something is (arguably the most) important knowledge for a securing that something. If you don't know how it can break, how can you fix it?

0 comments

JoachimSchipper10y ago

If you don't know that something can break, it's hard to get it right. But I have many colleagues who've never exploited a buffer overflow, but who still do a fine job of counting their bytes. High code quality and coding patterns that reduce mistakes are really important; knowing a little about exploitation is useful to judge impact and to design anti-exploit defenses, but don't overestimate the impact - defenders' time is often better spent elsewhere. (Of course, hacking is sexy.)

(I write high-security software. )

tptacek10y ago

He doesn't disagree with you; he's a professional pentester.

j / k navigate · click thread line to collapse

0 pointsfalcolas10y ago0 comments

Understanding how to hack something is (arguably the most) important knowledge for a securing that something. If you don't know how it can break, how can you fix it?

0 comments

JoachimSchipper10y ago

(I write high-security software. )

tptacek10y ago

He doesn't disagree with you; he's a professional pentester.

j / k navigate · click thread line to collapse