I don’t necessarily disagree with this, but this is a new and relatively unproven method which is only a partial solution to a much wider task. And IMO it’s overly specific for the general problem at hand.
Security of lesswrong.com is not the same as finding, for example, places in the source code which would allow SQL injections. There’s much more to security, and LW should adopt a security paradigm it can support, given constraints around headcount and funding.
I don’t necessarily disagree with this, but this is a new and relatively unproven method which is only a partial solution to a much wider task. And IMO it’s overly specific for the general problem at hand.
Security of lesswrong.com is not the same as finding, for example, places in the source code which would allow SQL injections. There’s much more to security, and LW should adopt a security paradigm it can support, given constraints around headcount and funding.
I didn’t say it would be a complete solution.