this post was submitted on 02 Nov 2023
171 points (98.9% liked)

Asklemmy

43336 readers
875 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
171
What’s something on your mind lately that nobody else would understand? (programming.dev)
submitted 10 months ago by [email protected] to c/[email protected]
210 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] darth_helmet 32 points 10 months ago* (last edited 10 months ago) (2 children)

Cybersecurity, as a profession, is a fool’s errand.

Dedicated security staff exist solely to teach real engineers how to do their job, and the fact that such personnel exist is a catastrophic failure in computer science curriculum

[–] [email protected] 17 points 10 months ago (1 children)

It often seems cyber sec staff write reports on what should be done with no understanding of why and this leads to them fretting over things that are not actual vulnerabilities.

[–] darth_helmet 17 points 10 months ago

200 vulnerabilities, 2-3 that might actually be exploitable, and no prioritization. But look at these metrics!

[–] [email protected] 15 points 10 months ago (1 children)

I don't know if I am right but I am of the opinion that Cybersecurity should be considered a mastery branch on top of basic engineering skills. But it feels like there are so many Cybersecurity experts who do not understand enough about the underlying engineering concepts to be effective in their role.

[–] [email protected] 11 points 10 months ago

That's the real problem. Cyber security experts know bare minimum about coding, and coders can tell. Their knowledge only goes skin deep when you ask them to clarify an exploit, or to give a workaround. So coders usually tend to brush them off.

It should be a collaborative effort, security and coding, where security can fully understand what is being built and offer potential secure workarounds