Upcoming talks
Here’s some of the talks and events I’ll be at over the next few months:
Billington 10th Annual Cybersecurity Summit
September 4-5 2019
Washington DC
Hacker Halted (Keynote)
October 10-11 2019
Georgia, Atlanta
Read more
The Hitchhiker's Guide to Vulnerability Disclosure in 2026
Or: what a bunch of us have been saying since Mythos dropped, in three RSAC interviews and most of the hallway conversations in between. DON'T PANIC If you work in security, you've spent the last month and a half in a conversation that won't
Coordinated, Until It Isn't
Everyone has a take on Moksha's 89-vuln XAPI drop. Almost everyone misses the same thing: it wasn't one decision, it was four: go public, go Day-0, withhold patches from Citrix, lean into the "shittrix" frame. Coordinated disclosure runs on goodwill, and the goodwill runs out sometimes.
Thoughts on the #slopdemic
Move over #vulnpocalypse — there's a new term we need to talk about: the #slopdemic. AI didn't invent low-quality vuln reports, but it just turbocharged them, and F/OSS is drowning.
Continued Monitoring of the Situation
Birbs, week two — what the system got wrong, four times, and what came back from the dead Follow-up to "Monitoring the Situation — The Internet of Birbs" When I hit publish on the birbs post last Wednesday, I described an "AI-powered nest monitor" with a straight face.