Dailydave mailing list archives

Re: Defense ?


From: Alfonso De Gregorio via Dailydave <dailydave () lists aitelfoundation org>
Date: Sun, 16 Nov 2025 11:14:18 +0000

On Sun, Nov 16, 2025 at 10:16 AM Dave Aitel via Dailydave
<dailydave () lists aitelfoundation org> wrote:

> How would one actually move the actual bar in defense? A big part of me
> thinks that you're just not going to patch your way out of the problem.
> But the number of organizations that you can rely on to actually make a
> difference seems pretty small? Like even converting every Linux binary to
> Rust would only make sense if you could find a team that could actually
> maintain and support that code base, which I don't know that you could.
>
> Like in a sense, what you have to do is completely rebuild how you're
> building software and have the large language model be the intermediary
> for everything?

Imbalances in the skills and workforce are real. The gap remains hard
to bridge also in the presence of greater degrees of automation that
AI buys us, because, at this stage, we want humans to be in the loop –
and for good reasons – and, also, because we are not going to grow the
skillset faster than the attack surface, I am afraid.

I hate to sound like a broken record, but I will take a bite
regardless: those imbalances are a byproduct of the information
asymmetries that, from an historical point of view, have been
favouring offense. To actually move the bar in defense, devising
clever tech is not enough. Rather it entails aligning the incentives –
here we are, I said it again.

Now, those of you that know me may be familiar with the market
approaches I had attempted in my past life. But, more substantially
today, the bar is being moved by the regulatory framework that is
eventually maturing. First we do rethink the accountability, and
liability, model in place, then the technical work can be sorted out.
To be clear, it is not going to be free. But vulnerabilities have
been inflicting a price on us, and for a long time now. Hence, it
is time that a matter of concern becomes which stakeholders will bear
'the real cost of insecure software' in the future.

-- Alfonso