Or maybe snake oil is the wrong term. I don’t know if there’s a term for someone who warns others and they never listen, because it seems no matter how much you break into buildings and expose the flaws, hack a bank’s transaction, or infiltrate a database, the company will thank you, pay you a few hundred thousand dollars, then do nothing to change.

Essentially it just seems like I’m helping big companies bypass regulations by rubber-stamping their pinky promises to change. I guess internal security auditing might be a little better, but I don’t know.

  • mayo_cider [he/him] · 1 year ago

    Oops, I was high and thought you were talking just about physical penetration testing

    Software side is even worse, most of them just run a generic test sweep and catch a 15-year-old vulnerability because you didn't think about security before the cool hacker guy showed you his terminal

    Still a cool grift though