> If this is a topic you’re interested in, there’s a discord chocked full of people discussing vulnerability things, feel free to join.

Are open-source-y type infosec people choosing Discord?

The modern infosec scene has shockingly little in common with the old school cypherpunk / hacker scene, besides appropriating the aesthetics and lingo.

Many of the people in it are even pro-information-censorship, pro-government, pro-intelligence-agencies, pro-big tech, etc. They have zero concerns about proprietary software, they trust Microsoft, they trust Google/Alphabet, they trust their government.

In my experience talking with these types, many of the same ones hysterical about MITRE's taxpayer-funded contract ending have seemingly never ever heard of OSVDB - the idea of a community-run vulnerability database is foreign to them. They seem to believe that it's simply not possible for a non-government-funded entity to perform this kind of work without commercialization.

Offensive Security - the company behind the OSCP, OSEP (formerly OSCE), and OSEE - have their official, primary support through Discord first, their own forums second.

Some. Others are on Matrix. The type of people you're thinking of are either interested in secure development (programmers with a security interest) or cryptography. Either they choose wherever the project's chat platform is or it's discord typically.

Discord provides the feature set people are used to. Therefore, it gets used.

Today's programmers got into it through Minecraft modding or similar. IRC, mailing lists, and forums just don't cut it for them. By contrast, the retrocomputing scene -- full of aging Xers -- often conducts its activities through Web 1.0 style forums.