• bloodfart (6 upvotes, 6 months ago)

    We’re training too many “security” people.

    • AggressivelyPassive@feddit.de (14 upvotes, 6 months ago)

      Rather the wrong ones.

      95% seem to be essentially professional box tickers. They don’t care about security, but only about process compliance. As long as the scanner finds no CVEs, the app is secure.

      I want people who actually know how I can improve my code. I’m pretty sure I screwed up security stuff, but will never know.