Security

Vulnerability economics

Every vulnerability costs something to put there.
Every vulnerability costs something to discover.
Every vulnerability costs something to fix.
The exploitation of every vulnerability has a value associated with it.

The top five turtles in a stack of 50

As an industry we're focused on the top five turtles in a stack of 50. AI for defense and code review matters — we need to be doing it — but it gets the most attention because it gets the most funding because it's the most visible. Meanwhile

Cryptographically enforced disclosure

Been playing around with the idea of cryptographically enforced disclosure. You disclose something — there's a CVD timeline and a fallback date. At the fallback, it all goes on the blockchain, with a drand-triggered encryption key as the dead-man switch. No one can say "we're just

Peacetime cyber versus wartime cyber

Peacetime cyber versus wartime cyber. We developed our cyber defense doctrine, policy, and technology through 10 years of peace and prosperity. We're now transitioning into austerity and warfare — what do we need to revisit? Throw the things that don't matter out the window, and start doing

Three pale-blue speckled House Finch eggs nestled in a cup of dried grass on a sunroom bookshelf

"Monitoring the Situation" - The Internet of Birbs

Two pale-blue speckled eggs on the sunroom bookshelf turned into three cameras, an Unraid NAS, two AI models, and a journal that writes itself every morning. None of it had to be useful — it just had to be possible. Because joy.

Read more

The top five turtles in a stack of 50

Cryptographically enforced disclosure

Peacetime cyber versus wartime cyber

"Monitoring the Situation" - The Internet of Birbs