That’s a tough one. Some say it will destroy cybersecurity; others say the Mythos numbers are misleading and cherry-picked just to attract more investment. I really don’t know what the truth is, because the Mythos case is not open to the public.
I worked at Intel for many years 10k was just on my team's bug list. We were about 600 people. Probably closing 1k-2k issues a year. And there were a zillion other teams world wide.
When I first joined I was like Private Hudson in Aliens 2 - whats happening man?!? We are all going to die etc. Then you slowly realize just like your body, with a trillion cells somehow keeping the lights on, complex systems that survive, survive not because they are perfect systems, but because they already have developed 45 different ways to regain stable state whenever they derail.
Guys who had been there for 30 years wouldnt even blink if you tell them, man looks an entire bank in argentina or a telco in bangladesh shutdown because of us. They had already seen it happen so many times.
Today the issue the public is getting overloaded with everyones internal bug lists. Its unnecessary info overload. Just like my first year they are going to feel helpless and overwhelmed but I atleast could see on a daily basis systems being returned to stable states.
Sooner or later nothing was a crisis for me it was treated as just bad weather.
The public unfortunately doesnt have any way to experience that.
We have created an info environment that just keeps everyone freaked out and anxious. No one freaks out when they get the daily weather forecast that they have no control over. Thats how things should be.
I’m hearing from the security researchers is follow that while the numbers are real, the vast majority are trivial. They say industry has prioritized, correctly in my opinion, spending their limited resources on high value, high risk vulnerabilities.
That’s a tough one. Some say it will destroy cybersecurity; others say the Mythos numbers are misleading and cherry-picked just to attract more investment. I really don’t know what the truth is, because the Mythos case is not open to the public.
I worked at Intel for many years 10k was just on my team's bug list. We were about 600 people. Probably closing 1k-2k issues a year. And there were a zillion other teams world wide. When I first joined I was like Private Hudson in Aliens 2 - whats happening man?!? We are all going to die etc. Then you slowly realize just like your body, with a trillion cells somehow keeping the lights on, complex systems that survive, survive not because they are perfect systems, but because they already have developed 45 different ways to regain stable state whenever they derail.
Guys who had been there for 30 years wouldnt even blink if you tell them, man looks an entire bank in argentina or a telco in bangladesh shutdown because of us. They had already seen it happen so many times.
Today the issue the public is getting overloaded with everyones internal bug lists. Its unnecessary info overload. Just like my first year they are going to feel helpless and overwhelmed but I atleast could see on a daily basis systems being returned to stable states. Sooner or later nothing was a crisis for me it was treated as just bad weather.
The public unfortunately doesnt have any way to experience that.
We have created an info environment that just keeps everyone freaked out and anxious. No one freaks out when they get the daily weather forecast that they have no control over. Thats how things should be.
I’m hearing from the security researchers is follow that while the numbers are real, the vast majority are trivial. They say industry has prioritized, correctly in my opinion, spending their limited resources on high value, high risk vulnerabilities.
[dupe] Discussion on source: https://news.ycombinator.com/item?id=48240419