compsci will collapse into two bitter lessons. bitter lesson of security: it’s bitterly hard—forever. cofounded `npm audit`, @code4rena. frontierist. optimist.
I've spent every day for the last 14 months building a language for scripting LLMs because I believe we need new primitives to defend against prompt injection.
Here's why:
I don’t normally make personal asks of the @code4rena community, but I have a big one to make.
I’ve really pushed the C4 team so hard this year and especially this quarter. It’s been a wild last couple months. There’s so much stuff happening behind the scenes to get ready for an
Average days to awarding on @Code4rena over the last 22 months.
Getting faster all the time. Our judges and CAs kick ass. @cloudellie and @itsmetechjay just keep driving things faster.
Looking forward to seeing these numbers after the optimizations @0xtotem’s work has added.
💯💯 to @zksync for competitive auditor airdrop
If your project wants to incentivize tons of security pros to care about your protocol and ecosystem security, reach out to @code4rena — we’d love to help you do this, too.
Looking forward to helping make more of this happen.
I’d prefer not to spend any energy debating this as I see no merit in it and the extremely narrow audience can make up their own minds, but I can fast forward it.
I can point to evidence that LSW alters competition incentives without even guaranteeing meaningful participation;
If you want to get really good at something, do it competitively.
Be uncomfortable. Allow yourself to make mistakes. Measure your growth. Study what the best do.
That’s why @code4rena works and has helped grow scores of top tier auditors and bounty hunters.
This is 100% why @code4rena didn’t drop lows even after competitors created a marketing narrative that they only focus on serious issues.
Not allowing low-severity issues in a competitive audit is a convenience to the platform, NOT an improvement of security outcomes for customers.
Sunday reflection: contest that won't pay for low/info findings and why I think they shouldn't do that.
Context: I'm participating in a contest that follows this rule. Unfortunately, I discovered it only once I had already submitted some of them (totally my fault to not have
If you're interested in what I've been working on for 8 months all day every day and are willing to kick the tires before I put it out there publicly, send me a dm.
Main thing the world is full of is untapped talent :)
Names we don’t know today will be leaders tomorrow.
I’m excited for the opportunities people are getting who’ve been overlooked cos they had to claw over piles of bodies to drink at the awards fountain.