Why it sucks to be a Security Researcher
Egor Homakov

Agreed re the problem.

Actually, the problem is bigger: there’s no time not for security only, but for usability, testing and refactoring as well. For a overwhelming majority of projects.

Because as you said, developers have a great amount of critical tasks at every moment. And if you break their app by demonstrating some vulnerability, you’ll be assigned as a root of disaster at the first place.

This can be explained by a strong competition on a modern IT market — you should be faster then others no matter what.

So the solution, for me, is to:

  • (super hard) find (create) project/team which pays strong attention to every aspect of a development process, and try to became part of this team;
  • (hard) find (create) project/team which pays strong attention to one of the aspects and promote it as a project’s advantage. Such as a Signal (or more popular Telegram) in a terms of security.
One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.