undefined | Better HN

0 pointslayer825d ago0 comments

Finding a vulnerability in a black box is drastically different from finding one in a white box. This isn’t about whether there is a vulnerability or not, but about the likelihood of it being found.

0 comments

ygjb25d ago

No it isn't. There is a tooling gap, and there is a skill gap, but both of those are being rapidly closed by both open and closed source projects.

LLMs, and tools built to use them, are violating a lot of assumptions these days.

thombles24d ago

It's a meaningful difference for SaaS. Most likely an attacker doesn't have access to your running binary let alone source code, and if they probe it like a pentester would it will be noisy and blocked/flagged by your WAF.

j / k navigate · click thread line to collapse

0 comments

ygjb25d ago

No it isn't. There is a tooling gap, and there is a skill gap, but both of those are being rapidly closed by both open and closed source projects.

LLMs, and tools built to use them, are violating a lot of assumptions these days.

thombles24d ago

j / k navigate · click thread line to collapse