Old and busted: Targeting servers and web bugs. New hotness: Pwning devs with targeted poisoned stacks

Hard-working but naive developers are a little known but highly dangerous soft spot in an organisation that attackers can exploit.


This is according to Rich Jones, co-founder of security consultancy Gun.io. Speaking at the 2020 Disclosure conference, Jones outlined how the trust many developers put in their software stacks and shared code, paired with a disturbing lack of online savvy, can make them easy pickings for hackers.


"Systems are generally hardened - they have patches, they have firewalls, they have monitoring," Jones explained, "but [some] developers will run literally any bullshit they find on Stack Overflow. They keep credentials lying about, they're obviously going to have the source code and some production data sitting on their hardware as well."


As one example of the tactic, Jones pointed to the July attack at Twitter in which employees