npub19z…spj90 on Nostr: Fellow infosec folks: If I wanted to incentivize people to try and exploit Hubris, ...
Fellow infosec folks:
If I wanted to incentivize people to try and exploit Hubris, what should I do? What would you want to see?
While open source, the system is mostly used by Oxide, a for-profit company, so I would expect "am I doing this for free" to come up. Explicit threat model is also good. What else?
We've hired firms for this but with mixed results (they mostly know C). I wanna open it to everyone else. I would be _delighted_ to give guidance.
Boost away.
#infosec #rustlang
Published at 2024-04-06 02:32:14

Event JSON
{
"id": "e664746a94d8ce8abd7baa00c4865d628152c515a8716e6278f8772a6f402f96",
"pubkey": "28a63c87dc548704b010a77b18468afd4214ccc4e4ce15a8e4e7e766fac533ce",
"created_at": 1712370734,
"kind": 1,
"tags": [
[
"t",
"infosec"
],
[
"t",
"rustlang"
],
[
"proxy",
"https://hachyderm.io/users/cliffle/statuses/112221928454309781",
"activitypub"
]
],
"content": "Fellow infosec folks:\n\nIf I wanted to incentivize people to try and exploit Hubris, what should I do? What would you want to see?\n\nWhile open source, the system is mostly used by Oxide, a for-profit company, so I would expect \"am I doing this for free\" to come up. Explicit threat model is also good. What else?\n\nWe've hired firms for this but with mixed results (they mostly know C). I wanna open it to everyone else. I would be _delighted_ to give guidance.\n\nBoost away.\n\n#infosec #rustlang",
"sig": "1bdbcdc223107e542f5879fa7a1b8ed6a815e680a12a0fa546c326fa567408f86815a0931ca87e2c16ec3a519d7dc476f710e7fd9bda1c9ccb052d2efaf34a3f"
}