Security

Forbes: Accelerating secure software development

caseyjohnellis

09 Aug 2020 — 1 min read

7. Expect and plan for mistakes.
Expect mistakes, and plan to capture and mitigate them quickly. After all, to err is human. Establishing a vulnerability disclosure and/or bug bounty program to engage hackers to continuously assess newly cut code is an effective and scalable way to achieve this.
Casey Ellis, Bugcrowd

From Forbes, 11th August 2020

The AI security conversation is vast, dynamic, and — too often — imprecise. One person means AI-powered phishing. Another means adversarial attacks on models. Another means autonomous agents. Everyone says "AI security" and assumes they're talking about the same thing. They're usually not. I created this

Vulnerability economics

* Every vulnerability costs something to put there. * Every vulnerability costs something to discover. * Every vulnerability costs something to fix. * The exploitation of every vulnerability has a value associated with it.

No More Free-ish Bugs

There's a fresh conversation happening about the distinction between bug bounty programs and vulnerability disclosure programs. This is an area where the distinction between a bug bounty program (cash or cash equivalent proactively offered to the public) and a vulnerability disclosure program (which can optionally offer a thank-you

Next things...

Last Saturday Jan 31 was my last day "inside the tent" at Bugcrowd.

Forbes: Accelerating secure software development

caseyjohnellis

Read more

AI security: Tool, Target, Threat

Vulnerability economics

No More Free-ish Bugs

Next things...