> to harden a system you need to spend more tokens discovering exploits than attackers will spend exploiting them.
That can't be right, can it? Given stable software, the relative attack surface keeps shrinking. Mythos does not produce exploits. Should be defenders' advantage, token-wise, no?
> Mythos does not produce exploits.
AI in general will, don't worry. "Move fast and break things" makes more exploits than "move steadily and fix things" does.
So long as that OSS keeps accumulating features, there isn't quite the equilibrium you're imagining. If you can pin to a stable version, which continues to be audited, you're fine. But if the rest of the world moves on to newer versions of the software, you'll have to as well, unless you want to own the burden of hardening older versions.
It’s the classic asymmetric warfare problem:
Defenders have to find all the holes in all their systems, while attackers just need to find one hole in one system.