Data is the new oil: Breach edition
Data is the new oil... It spills everywhere, trashes the environment, and is impossible to clean up. Think before you store.
Read more
AI security: Tool, Target, Threat
The AI security conversation is vast, dynamic, and — too often — imprecise. One person means AI-powered phishing. Another means adversarial attacks on models. Another means autonomous agents. Everyone says "AI security" and assumes they're talking about the same thing. They're usually not. I created this
Vulnerability economics
* Every vulnerability costs something to put there. * Every vulnerability costs something to discover. * Every vulnerability costs something to fix. * The exploitation of every vulnerability has a value associated with it.
No More Free-ish Bugs
There's a fresh conversation happening about the distinction between bug bounty programs and vulnerability disclosure programs. This is an area where the distinction between a bug bounty program (cash or cash equivalent proactively offered to the public) and a vulnerability disclosure program (which can optionally offer a thank-you
Next things...
Last Saturday Jan 31 was my last day "inside the tent" at Bugcrowd.