>is this lack of secops understanding, lack of genuine concern, or something else?
Even if they were to patch the provided list, it sounds like the problem runs deeper. In that case there's not much you can do unless you're in a higher-up position within the actual org.
There's probably nothing you can realistically do (except spread the word, of course). Most pen testing just isn't that sexy. The likely result that will draw in public interest is that eventually they will have a major public security issue. It's that simple, and sometimes it's just a matter of time.
There is a chance that the biggest problems are localized at the interface between the company and public, and in that case getting the higher ups to be aware of the severity of the deficiency (both culturally and technically) could change things, but it's likely you're going to find the same thing when you climb the ladder...
Yeah, exactly. It isn't. At one point, someone on their team sent me an internal DDoS audit for the Sui application. And basically said "no problems". Erm.
What’s ironic is that Aptos (their supposed arch nemesis) came back clean as a whistle on our first pass. Yet it’s Sui always "out there winning" because of their massive marketing spend.
That said, I started publishing the node scores to the blockchain and someone did ask me if they should move their staked funds from one that was sub-standard.... Yes, you should.
51% them and send everyone's coin to burn address
Quite... Also, simpler than that, don’t even need 51%! At ~33% you hit the Byzantine limit and consensus dies. And I doubt anyone running one of these validators knows what a backup is.