There's so much much lower hanging fruit. Every job I've had has had basically everything massively out of date. Just keeping packages and framework versions up to date is a full time job and none of these companies have someone assigned to doing it.
replySo much out of date software with known exploits left running for years. The only reason there hasn't been total disaster is no one has tried to hack it yet.
Right and with AI now we have the ability to try hacking everything all at once.
replyYes, exactly, that’s the main change. And not just in a script kiddy way. What we see now is LLM + experts can develop extremely complex exploit chains in no time. It’s one thing to exploit a known vulnerability that you can patch by upgrading your Wordpress, it’s something else when the attacker is able to completely take over your systems in ways you didn’t even consider was possible and adapt in 1 day to your attempts at patching
replyFor now, after the dust settles all of the low hanging fruit will have been patched and we will have hurried up the move to safer languages.
replyThe root problem is the world runs on C code that is riddled with vulnerabilities.