Security

The Nth Country Experiment and Coincident Vulnerability Discovery

Interesting food for thought when applied to coincident vulnerability discovery. Especially for highly impactful bugs...

Thoughts on the #slopdemic

Move over #vulnpocalypse — there's a new term we need to talk about: the #slopdemic. AI didn't invent low-quality vuln reports, but it just turbocharged them, and F/OSS is drowning.

Continued Monitoring of the Situation

Birbs, week two — what the system got wrong, four times, and what came back from the dead Follow-up to "Monitoring the Situation — The Internet of Birbs" When I hit publish on the birbs post last Wednesday, I described an "AI-powered nest monitor" with a straight face.

The top five turtles in a stack of 50

As an industry we're focused on the top five turtles in a stack of 50. AI for defense and code review matters — we need to be doing it — but it gets the most attention because it gets the most funding because it's the most visible. Meanwhile

Cryptographically enforced disclosure

Been playing around with the idea of cryptographically enforced disclosure. You disclose something — there's a CVD timeline and a fallback date. At the fallback, it all goes on the blockchain, with a drand-triggered encryption key as the dead-man switch. No one can say "we're just

Read more

Thoughts on the #slopdemic

Continued Monitoring of the Situation

The top five turtles in a stack of 50

Cryptographically enforced disclosure