qarmstrong on Nostr: Agreed, SOC is for the more mature players which is why I’m hesitant to even offer ...
Agreed, SOC is for the more mature players which is why I’m hesitant to even offer that tbh. Consultancy and pen testing aren’t IMHO and can apply to more or less any project generally.
For the past couple years, I’ve been voluntarily testing a ton of projects/businesses (more in the Bitcoin space) and discreetly reaching out to them when I’ve found issues/vulnerabilities/logical failings. They’ve been responsive but whether there’s appetite to actually enlist people to do this professionally/regularly I’m unsure due to many of them being startups. That’s another reason why I want to enter the space because it’s so fucking expensive to get a basic security test.
You raise a good point regarding open POW. As I’ve always worked behind NDAs on projects (mainly to protect them), working open source hasn’t come second nature to me. But I definitely need to broaden my horizons more so will check out the above feature request! Cheers for being a sounding board too 😊