top | item 39576009

tyfighter | 2 years ago

No, you're not getting it. The reverse engineering itself is obviously extremely difficult work, but it's the work of an individual or at best a small team. Reverse engineering work only provides existence proofs of security issues, mostly singular instances. Taken to its extreme, some reverse engineers believe this means that all memory unsafe software needs to be rewritten. The sheer amount of software written in C or C++ dwarfs the size of the reverse engineering community in amounts I can't even fathom.

kevingadd | 2 years ago

I don't understand how this justifies writing off the work of security professionals as not real work or not difficult. Is the author talking about people who run security scanner scripts and call it a day? If so, why are those people relevant to discussions of memory safety and why generalize the entire discipline based on them? Are we supposed to generalize the traits/experiences of the average PHP developer and apply that to Haskell and C++ experts too? Every field has lazy people or unskilled hacks in it.

Some subset of the industry having "bad opinions" also does not mean their work suddenly has no value or they're not trying hard. To me this approach to the hard work of real experts is immediately disqualifying for someone's opinions. They can think it, but if they want to say it they should be prepared to not be taken seriously.