AV_

You should never see an audit as a failure, regardless of the leaderboard or the money not earned. If you truly invested time and focus into understanding the protocol and searching for issues, you’ve already gained a lot. Knowledge compounds, and the results will follow. There are plenty of examples out there. Don't give up!

It’s 10 years in the future. Claude is down. DevOps can’t fix it because they don't have Claude. They track down an old homeless man, the one who lost everything because he refused to use AI. He’s the only one left who remembers what an if statement is. He refuses to help.

Whenever I don't understand how some part of the code works, I try to implement it myself. It works most of the time

We are advocating that security should never have been outsourced in the first place, but instead built in from the very beginning. But now we’re supposed to hand it over completely to AI agents? Come on, give me a break..

Being a programmer in the early 90s was great. Then they invented help files which meant no more browsing manuals for hours. Can you imagine? Half of all coding jobs died right there. Then OO made code reuse too easy and you could write in a few weeks what used to take months. Then Java had strong typing and GC, it got rid of most bugs -- no more hours figuring out a segfault -- we didn't even need QA guys! It all just worked! Coding was too easy. Then they fucking invented Python and made it even easier! Even biologists started coding for fs sake. Biologists! Can you believe that!?! Who would hire a programmer when even a biologist can write scripts in minutes -- without spending years understanding microcode and nand gates!?! You could just go to this web thingy and read like a 10 page tutorial and start coding. It was too much, it wasn't coding. Not the way I learned to love coding. I quit. Im glad I did. By the year 2005, 1,000% of programmers had been fired and that's why nobody makes money as a coder today. There's a lesson here. Let's all give up bc we know when knowledge work gets easier they always fire everyone. Always. Never fails. Not a single time. At least the government started giving everyone a hundred dollars a week in 1999 or we all would have starved to death.

@bytes032 I've spent more on food even when I was a student, lol

all of these cost of living posts are the worst scam how is someone spending 200 eur/monthly for food in europe lmao

@nisedo_ @nisedo_ DMed you

Contests are dying in part because fuzzing replaced them. Devs now run extensive fuzzing suites as the final step of their security process, whereas contests used to act as human fuzzers.

@adeolRxxxx @0x3b33 I don't make the rules

@_avoloder @0x3b33 Hell Na, I don’t wanna get bald lol

You were rejected because you were not from Bulgaria 😎

@adeolRxxxx @0x3b33 I've heard that getting bald will get you one step closer 😃

@0x3b33 What should I do to become Bulgarian asap😂🙂?

Sometimes I feel like we keep sharing resources, education, and other things, but only within our very closed circle. We’re also constantly fighting, competing, and posting bullshit marketing content when, truth be told, nobody outside that circle really cares. Also, everyone has an opinion, and we keep debating endlessly. The list goes on and it’s becoming tiresome.

Hi @CarterToB, I've sent you a DM. Could you take a look?

I get where you are coming from, but from my experience this is a wrong take If a founder is surprised by the cost of an audit right before going live, it’s usually a sign they don’t understand that security is inherently part of their product. You have to design sustainability and profit with security costs in mind There are also a ton of levers teams can use (reduced scope, internal security, grants / DAO programs, etc), but they need to be considered strategically and ahead of time, not at the last minute For example, you can spread the cost by first releasing a minimal set of features with reduced complexity, get the first audits paid via a DAO, and wait for more funding or market validation before building something more complex. And again it's a founder's responsibility to think about all of that What you’re describing (fast iteration without security considerations) is actually closer to what we had a few years ago, and the result was a lot of hacks, people losing funds, and a ton of mistrust in the industry So if users ask for audits it's because the stakes are high and history taught them to, not because security researchers force teams to do it. There are a lot of bad actors that exploit the mistakes made by teams that ship too fast, and they are responsible for the ask about audits, not the other way around And also, yes, security researchers are costly. But it's hard to get and maintain the skills needed, and it's not a job for everyone

@CarterToB @trailofbits Wishing you all the best @CarterToB. I have sent a DM, can you please check it out? Thanks

Today is my last day at @trailofbits after four years leading recruiting. What a ride! I've had the privilege of helping build an incredible team. Talented security engineers, researchers, GTM, and operational folks who make Trail of Bits the special place it is. The bar is high here (as most of you know lol), and I never got tired of watching new hires come in and immediately make an impact. Thank you to my colleagues for the partnership, the trust, and all the laughs along the way. I'm leaving extremely proud of what we built together. I'm excited for what's next, and I'll share more on where I'm headed in a few weeks. Stay tuned!!

@immunefi @__nnez Mindblowing 🤯 Congrats legend @__nnez

$380,000 earned from a single critical bug report. A little bit curiosity and persistence can totally change your future. But you have to put in the work. Just like Immunefi All Star @__nnez did. Thanks to nnez for keeping the space secure with us! Pledge IMU behind nnez here to earn IMU when he finds bugs: immunefi.com/pledge/nnez

@rv_inc @_avoloder 😄🫡

Gm, as we prepare to announce some updates on Kontrol, Simbolik, & KaaS to kick-off 2026, we are on the lookout for the next wave of collaboration partners 👀 Tag a security researcher or a dev deserving of having their contributions amplified! Who still needs one of these 👇

Some serious biology knowledge needed to solve the captcha nowadays 😄

@gowtham_ponnana @muellerberndt Hey @gowtham_ponnana, can you check your dms please

@muellerberndt Downloaded onto my remarkable! Gonna complete it soon, there were some really niche topics worth reading.

@0xaudron @VitalikButerin Someone needs to create a demand for all of us SRs, right? 😄

@VitalikButerin SocialFi sucks tbh, with the level of security, one should never register. Make "hacking SocialFi" legal for a day, and I'll show you what I can do. Idk, even junior dev can code better, imho.

In 2026, I plan to be fully back to decentralized social. If we want a better society, we need better mass communication tools. We need mass communication tools that surface the best information and arguments and help people find points of agreement. We need mass communication tools that serve the user's long-term interest, not maximize short-term engagement. There is no simple trick that solves these problems. But there is one important place to start: more competition. Decentralization is the way to enable that: a shared data layer, with anyone being able to build their own client on top. In fact, since the start of the year I've been back to decentralized social already. Every post I've made this year, or read this year, I made or read with firefly.social, a multi-client that covers reading and posting to X, Lens, Farcaster and Bluesky (though bluesky has a 300 char limit, so they don't get to see my beautiful long rants). But crypto social projects has often gone the wrong way. Too often, we in crypto think that if you insert a speculative coin into something, that counts as "innovating", and moves the world forward. Mixing money and social is not inherently wrong: Substack shows that it's possible to create an economy that supports very high-quality content. But Substack is about _subscribing to creators_, not _creating price bubbles around them_. Over the past decade, we have seen many many attempts at incentivizing creators by creating price bubbles around them, and all fail by (i) rewarding not content quality, but pre-existing social capital, and (ii) the tokens all going to zero after one or two years anyway. Too many people make galaxy-brained arguments that creating new markets and new assets is automatically good because it "elicits information", when the rest of their product development actions clearly betray that they're not actually interested in maximizing people's ability to benefit from that information. That is not Hayekian info-utopia, that is corposlop. Hence, decentralized social should be run by people who deeply believe in the "social" part, and are motivated first and foremost by solving the problems of social. The Aave team has done a great job stewarding Lens up to this point. I'm excited about what will happen to Lens over the next year, because I think the new team coming in are people who actually are interested in the "social": even back when the decentralized social space barely existed, they were trying to figure out how to do encrypted tweets. I plan to post more there this year. I encourage everyone to spend more time in Lens, Farcaster and the broader decentralized social world this year. We need to move beyond everyone constantly tweeting inside a single global info warzone, and into a reopened frontier, where new and better forms of interaction become possible.

Vibe coding is the future 🤣

@arsen_bt Defendor

I want to start a community dedicated to Web3 security auditors. It's becoming harder to enter the field and find complex, valid bugs. This will be a space for sharpening security skills, studying attack patterns, real exploits, and current attack techniques. Comment "Defendor" if you want to join and I'll DM the link

@infosec_us_team Is 2027 a bug? 😄 Should it be "#1 in 2026"?