So, I'm thinking, let's make an infosec product that's nothing but attack surface. Seriously: just one big, fat parser. No, wait - even better: a veritable fscking *multitude* of parsers. A parser for every conceivable format, container, or syntax that can possibly express malicious intent. And if something new comes along that can't be parsed, well, we'll add whatever we need so it can parse that too.
Which means, let's just forget about building it all with just one well-tested technology platform. No, if we want to parse ALL the things, we're going to need the most diverse ecosystem possible: ALL the languages. ALL the runtimes. ALL the wonky-ass under-tested open-source libraries.

And then, when we've built the all-cracking, all-decoding, all-munging, all-tree-walking parser of the world, are we going to just leave it to languish in some highly-filtered network segment where anomalous traffic is so seldom seen as to be in danger of standing out? And waste such a glorious tool in the backwater of some cloistered cardholder data environment? NEVER.

No, the computing world's ultimate monument to attack surface can only be properly honored by the thing it was made for: EXPOSURE. Put it on the network boundary! No, better still, take ALL your network boundary segments, and funnel them to a single span port! GIVE PARSERSAURICUS ALL YOUR TRAFFIC! PARSERSAURICUS HUNGERS. PARSERSAURICUS. MUST. CONSUME.
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
