Peer_Rich 17 hours ago
hey, cofounder here. since it takes my 16 year old neighbor's son 15 mins and $100 claude code credits to hack your open source project

simonw 16 hours ago
Are you at all worried that the message you are spreading here is "We are no longer confident in our own ability to secure your data?"

doytch 16 hours ago
Right, but those capabilities are available to you as well. Granted, the remediation effort will take longer, but... you're going to do that for any existing issues _anyway_, right? I understand why this is a tempting thing to do in a "STOP THE PRESSES" manner where you take a breather and fix any existing issues that snuck through. I don't yet understand why, when you reach steady state, you wouldn't rely on the same tooling in a proactive manner to prevent issues from being shipped. And if you say "yeah, that's obv the plan," well then I don't understand what going closed-source _now_ actually accomplishes with the horses already out of the barn.

toast0 16 hours ago
I don't think this really helps that much. Your neighbor could ask an LLM to decompile your binaries, and then run security analysis on the results. If the tool correctly says you've got security issues, trying to hide them won't work. You still have the security issues and someone is going to find them.

wild_egg 16 hours ago
It only takes 20 minutes and $200 to hack a closed source one too, though. LLMs are ludicrously good at using reverse engineering tools, and having source available to inspect just makes it slightly more convenient.

sambaumann 16 hours ago
Couldn't you just spend those $100 on claude code credits yourself and make sure you're not shipping insecure software? Security by obscurity is not the correct model (IMO).

bayindirh 16 hours ago
Why can't you (as in Cal.com) spend that amount of money and find vulnerabilities yourself? You can keep the untested branch closed if you want to go with the "cathedral" model, even.

senko 16 hours ago
What makes you think it'll take him more than 16 mins and $110 claude code credits to hack your closed source project?

otabdeveloper4 11 hours ago
No it doesn't. Have you actually been "hacked"?

bakugo 16 hours ago
*This comment sponsored by Anthropic

hypeatei 16 hours ago
> neighbor's son 15 mins and $100 claude code credits

Is that true? Didn't the Mythos release say they spent $20k? I'm also skeptical of Anthropic here doing essentially what amounts to "vague posting" in an attempt to scare everyone and drive up their value before IPO.

discordianfish 16 hours ago
Please, go ahead!

pdntspa 16 hours ago
whooptie fuggin doo, then spend $200 on finding and fixing the issues before you push your commits to the cloud

ErroneousBosh 16 hours ago
> since it takes my 16 year old neighbor's son 15 mins and $100 claude code credits to hack your open source project

To what end? You can just look at the code. It's right there. You don't need to "hack" anything. If you want to "hack on it", you're welcome to do so. Would you like to take a look at some of my open-source projects your neighbour's kid might like to hack on?