Vulnerability economics
* Every vulnerability costs something to put there. * Every vulnerability costs something to discover. * Every vulnerability costs something to fix. * The exploitation of every vulnerability has a value associated with it.
First Principles: Bad guys are humans, they're creative and driven, and they don't quit.
Here's the bigger question: If we do finally achieve 100% success in automating cyber defense, will the "bad guys" pack their stuff up and go home?
Hacker Summer Camp 2025 - People, Places, and Things
A little photo diary of Hacker Summer Camp 2025.
Founders Helping Founders: When Known Vulnerabilities are Life or Death
On today’s episode, Jon Sakoda speaks with Casey on the early economics of paying people to hack companies, criminal creativity, and why founders need to fix their known vulnerabilities.
What You Give Away Might Be Worth More Than What You Keep
The sticking point is the word "free". If you do happen to get stuck there (and a lot of things will push you in that direction), a lot of the magic in the decision math gets missed. Everything has a Give and a Get and, if you're doing it right, nothing is ever given away for free.
If a tech solution falls in the forest...
A solution disconnected from it's problem isn't actually solving anything.
What the Netflix ‘Zero Day’ series got right about incident response
That said, the widespread nature of the effects shown in the six-part series are definitely plausible. Industrial control systems and the infrastructure that supports them are riddled with zero-day vulnerabilities, alongside the more common "known, yet unpatched" n-day vulnerabilities.
Bug Bounties, The Wanted Poster For Ethical Hackers - Future Secured Episode 35
Crowdsourced security empowers ethical hackers to protect digital assets, reshaping cybersecurity. Casey Ellis encourages entrepreneurs to lead with resilience, delegate wisely, prioritize health, and embrace innovation amid chaos for lasting impact and scalable success.
The Original Bug Bounty: Alfred Hobbs and the Great Lock Controversy of 1851
Alfred Hobbs: The OG bug bounty hunter who cracked England’s ‘unpick-able’ locks. His breaker mindset exposed flaws, sparked innovation, and proved no system is perfect.
NEBULA:FOG:PRIME – AI x Security Panel Discussion
It was an privilege to participate on this panel at the NEBULA:FOG:PRIME AI x Security Hackathon event on the 25th of January.
A few security predictions for 2025
It's that time of year again... Here are a few trends that I see making their presence felt in 2025 - These are a work in progress, and I might expand on a few of these: 1. Peacetime cyber vs. wartime cyber: 10 years from now, we'
Some thoughts about Typhoons
What's the deal with Volt Typhoon, Salt Typhoon, and Flax Typhoon - and what do we need to do?
You're Soaking In It: Systemic Cyber Struggles
Synopsis In this episode of Resilient Cyber Chris Hughes chats with Cyber industry veterans and long-time leaders Wendy Nather and Casey Ellis about systemic cyber struggles, issues that still plague us over the years, and some of the economic incentives at play (or not) when it comes to cybersecurity. Casey