is it stupid to ask if or why a DHCP server needs to run as root?
@bagder It's almost as if you still need to know regex to operate grep efficiently.
@bagder
hmm but if only AISLE is able to identify that vuln, then how would attackers be able to find it? 🤔
@wolf480pl I believe it only explicitly highlighted that Mythos did not find it. Not that no one can find it.
@bagder yeah but I think the subtext of this competition and the PR around it seems to be "you should use our tool because it can find vulns nobody else can"
And sure, there is an asymmetry in that the defender needs to find all vulns an attacker could potentially find, while the attacker only needs to find one
but I wonder if there's a point after which better ways to find vulns don't actually make users more secure, and become a protection racket
@wolf480pl of course it's marketing from their side but my take-away is rather the thing we already knew: none of these tools find *all* the errors and they all are going to find different issues, probably even depending on who runs and pokes at them for each particular code base