zlacker

[parent] [thread] 2 comments
1. spicyu+(OP)[view] [source] 2026-02-02 19:55:02
In a way security researchers having fun poking holes in popular pet projects is also just vibes.
replies(2): >>embedd+Pm >>jfyi+gD2
2. embedd+Pm[view] [source] 2026-02-02 21:33:49
>>spicyu+(OP)
Seems pentesting popular Show HN submissions might suddenly have a lot more competition.
3. jfyi+gD2[view] [source] 2026-02-03 13:19:50
>>spicyu+(OP)
There is definitely a large section of the security community for which this is very true. Automated offensive suites and scanning tools have made entry a pretty low bar in the last decade or so. Very many people who learn to use these tools have no idea how they work. Even when they know how the exploit works on a base level, many have no idea how the code behind it works. There is an abstraction layer very similar to LLMs and coding.

I went to a secure coding conference a few years back and saw a presentation by someone who had written an "insecure implementation" playground of a popular framework.

I asked, "what do you do to give tips to the users of your project to come up with a secure implementation?" and got in return "We aren't here to teach people to code."

Well yeah, that's exactly what that particular conference was there for. More so, I took it as "I am not confident enough to try a secure implementation of these problems".
