Wendy Nather6d ago

Okay, could someone explain something to me please?

Why did ANYONE ever think “guardrails” would work?

We all know that blocklisting is suboptimal because you can’t possibly enumerate all the badness (see also: antivirus). And anyone who has had to write a statement of work that includes application security requirements knows how impossible THAT is without adding a whole textbook as an appendix. (Or just writing “Don’t do stupid shit with the code,” which covers it pretty broadly.)

Don’t do that. Or that. Or that, either. And not like that. Oh, we didn’t know you could do that! Don’t do that.

Seriously, why??

Show threadEddie.6d ago

@wendynather on this line, one would think the code of conduct for any conference could be summed up with “Be Professional.”

It isn’t for the same reason we have to be warned coffee is served hot and we shouldn’t use chainsaws on our genitals.

Show threadWendy Nather6d ago
@infoseclogger /me quietly puts down the chainsaw
Show threadgary
@wendynather @infoseclogger conferences are not gta in real life - where is the line between reg mids professionalism and social engineering./ great places to network anyways #comp intel #recruiting #civil and persuasive #poly sci
Jun 15 at 7:50pmWeb