u/security_bug_hunter — 1 day ago

Is your VSCode crashing with Claude Code too?

Folks, I am kinda running into it at least once daily.

I have the Claude Code extension installed in VS Code and usually use 3-4 terminals at once.

It has been fairly stable for the last month or so; however, recently I am seeing it get stuck a lot.

Terminals just freeze.

I have to restart VS Code to make it operational again.

Not to mention the prompts are lost, and I have no clue how much work was done in the last sessions, leading to several dirty commits.

Any suggestions or help in how to fix this situation would be a huge help!

reddit.com
u/security_bug_hunter — 1 day ago

How "false" are false positives? Moving from a Hunter to an Architect mindset.

This has been bugging me lately. I have been on a defender team but with a very offensive mindset.

Most days, when I come across a Low vulnerability which just cannot be exploited but is a good practice, I'm pissed and I do not believe in it enough to ask my developers to fix it. I used to believe these should not be reported at all by the tools if they cannot be proven to be exploitable.

But then I came across Security Engineering books like the one by Ross Anderson and got a peek into the true defender mindset: how we assume breach. We want to build defense in depth so that if privileged access is somehow attained, the impact is still low.

Funnily, when I report bugs which require some privilege, e.g. an admin can do SSRF and call services hosted in the same network topology, the report is usually not taken seriously by the bug bounty analyst or the builder. They see "Admin" and essentially think "Game Over anyway."

I'm very keen to know your take on this: Do we want to know only the issues which are exploitable, or do we want to know each and every deviation from security best practice?

Where do we draw the line?

reddit.com
u/security_bug_hunter — 3 days ago
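The admin-only SSRF described in the post above, shown as an added example that is not part of the original post or of any project it mentions. It puts the "role check is the only control" fetcher beside a hardened one that also vets the destination, which is the defense-in-depth argument in code: even a phished or rogue admin session cannot reach 10.0.0.5 or the cloud metadata address. The endpoint functions, the resolver hook, and the hostnames and DNS answers in `_FAKE_DNS` are assumptions constructed for the demo; the real-resolver path uses `socket.getaddrinfo`.

```python
"""Admin-only URL fetcher: the SSRF-prone version beside a hardened one.

Added example, not code from the original post. Endpoint names, the
resolver hook and the sample hostnames/addresses are assumptions.
"""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

# Constructed DNS answers so the demo runs offline. Note that the RFC 5737
# documentation ranges (192.0.2/24, 198.51.100/24, 203.0.113/24) are not
# "global" to the ipaddress module, so real public addresses are used here.
_FAKE_DNS = {
    "reports.example.com": ["8.8.8.8"],
    "evil.example.net": ["1.1.1.1", "10.0.0.5"],        # public + internal answer
    "metadata-alias.example.net": ["169.254.169.254"],  # cloud metadata endpoint
}

def fake_resolver(host):
    return list(_FAKE_DNS.get(host, []))

def system_resolver(host):
    """getaddrinfo also canonicalises tricks like '2130706433' or '0x7f000001'."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def fetch_for_admin_vulnerable(url, is_admin):
    """'Before': the role check is the only control. Anyone holding an admin
    session can aim it at 10.0.0.5 or the metadata service, so one phished
    admin reaches every service on the same network segment."""
    if not is_admin:
        return (False, "admin only")
    return (True, ("GET", url))  # stand-in for the real HTTP call

def is_non_public(ip_str):
    """True for anything that is not a routable public address."""
    ip = ipaddress.ip_address(ip_str)
    if ip.version == 6 and ip.ipv4_mapped is not None:  # ::ffff:10.0.0.5
        ip = ip.ipv4_mapped
    return (not ip.is_global or ip.is_private or ip.is_loopback
            or ip.is_link_local or ip.is_multicast or ip.is_reserved
            or ip.is_unspecified)

def vet_fetch_target(url, resolve=system_resolver):
    """Defence in depth for the 'after' version: decide, independently of who
    is asking, whether this URL may be fetched at all.
    Returns (True, [ips]) or (False, reason)."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return (False, f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        return (False, "userinfo in URL not allowed")  # http://trusted@10.0.0.5/
    host = parts.hostname
    if not host:
        return (False, "missing host")
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return (False, "invalid port")
    if port not in ALLOWED_PORTS:
        return (False, f"port not allowed: {port}")
    try:                       # literal address: no DNS lookup needed
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:         # hostname: check every answer, not just the first
        ips = resolve(host)
    if not ips:
        return (False, f"unresolvable host: {host}")
    blocked = [ip for ip in ips if is_non_public(ip)]
    if blocked:
        return (False, f"resolves to non-public address(es): {blocked}")
    return (True, ips)

def fetch_for_admin_hardened(url, is_admin, resolve=system_resolver):
    """'After': the role check still applies, but the destination is vetted
    too. The HTTP client must then connect to one of the returned IPs (with
    the Host header set) rather than re-resolving, or a DNS-rebinding answer
    can swap in an internal address between the check and the connect."""
    if not is_admin:
        return (False, "admin only")
    ok, detail = vet_fetch_target(url, resolve)
    if not ok:
        return (False, detail)
    return (True, ("GET", url, detail))
```

The point of the two versions side by side is the one the post makes: `fetch_for_admin_vulnerable` happily returns `(True, ...)` for `http://169.254.169.254/latest/meta-data/` as long as the caller is an admin, while `vet_fetch_target` rejects it, rejects a hostname whose answers mix a public and a private address, and rejects IPv4-mapped IPv6 literals. Checking every resolved address and then pinning the connection to one of them is what keeps "admin can SSRF" from turning into "admin owns the segment".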