This is interesting in light of the way things have been going the last few years on the web browser front. Web browsers have gotten remarkably good at complex sandboxing and multiple layers of defenses. They supposedly run many advanced vulnerability scanners, automated testing, etc. Yet they’re still stuck in the same “penetrate and patch” cycle. Are they bad software? Is the attack surface just too big? Too many resources being directed at penetrating it? I wonder if there’s a way forward for the web browser to get away from the apparent constant stream of vulnerabilities.
Nice read, even though he wasn’t right that “hacking is cool” will be dead in 10 years. But I can understand the attraction: breaking is easier than fixing, let alone designing, so a lot of people chose the path of the earliest satisfaction: pentesting. I’d love to see something like DEF CON for the blue team emerge.