Agreed, SOC is for the more mature players which is why I’m hesitant to even offer that tbh. Consultancy and pen testing aren’t IMHO and can apply to more or less any project generally.
For the past couple years, I’ve been voluntarily testing a ton of projects/businesses (more in the Bitcoin space) and discreetly reaching out to them when I’ve found issues/vulnerabilities/logical failings. They’ve been responsive but whether there’s appetite to actually enlist people to do this professionally/regularly I’m unsure due to many of them being startups. That’s another reason why I want to enter the space because it’s so fucking expensive to get a basic security test.
You raise a good point regarding open POW. As I’ve always worked behind NDAs on projects (mainly to protect them), working open source hasn’t come second nature to me. But I definitely need to broaden my horizons more so will check out the above feature request! Cheers for being a sounding board too 😊
qasarmstrong / Qas Armstrong
npub18w…tdcc7
2024-10-16 16:54:19
in reply to nevent1q…7nk9
Author Public Key
npub18w8v9x97hk7fawx46xp7tjxxeng3g3gdlkfdut94daa0j96mhaasntdcc7Published at
2024-10-16 16:54:19Event JSON
{
"id": "1015725a911ead2b63dcc176c973af1ef2a4b4ce4fbd6042481a8867836ae864",
"pubkey": "3b8ec298bebdbc9eb8d5d183e5c8c6ccd114450dfd92de2cb56f7af9175bbf7b",
"created_at": 1729097659,
"kind": 1,
"tags": [
[
"e",
"27d9f7420199c0063f101d9ddbe89c0fa5ac24aeccd08da996d830202af2a389",
"",
"root"
],
[
"e",
"415c0b88eb6c17f19a979cea3cd88e7461c9cd2ec33be0a081ecd2a6e6b5ec49",
"",
"reply"
],
[
"p",
"f2c96c97f6419a538f84cf3fa72e2194605e1848096e6e5170cce5b76799d400"
],
[
"p",
"17538dc2a62769d09443f18c37cbe358fab5bbf981173542aa7c5ff171ed77c4"
]
],
"content": "Agreed, SOC is for the more mature players which is why I’m hesitant to even offer that tbh. Consultancy and pen testing aren’t IMHO and can apply to more or less any project generally.\n\nFor the past couple years, I’ve been voluntarily testing a ton of projects/businesses (more in the Bitcoin space) and discreetly reaching out to them when I’ve found issues/vulnerabilities/logical failings. They’ve been responsive but whether there’s appetite to actually enlist people to do this professionally/regularly I’m unsure due to many of them being startups. That’s another reason why I want to enter the space because it’s so fucking expensive to get a basic security test.\n\nYou raise a good point regarding open POW. As I’ve always worked behind NDAs on projects (mainly to protect them), working open source hasn’t come second nature to me. But I definitely need to broaden my horizons more so will check out the above feature request! Cheers for being a sounding board too 😊",
"sig": "a88f73fd7433a0f302d9cd890d442707189ba10cdeacb4b8e7d4be688330c49c316a0f3c447464afe1af2fa66403936eff813acaac5975d39f6964a6978f6a66"
}