caseyjohnellis - caseyjohnellis

[TRANSCRIPT] Security Research and Disclosure: The Unauthorized Biography - Nullcon March 2021

Title: Security Research and Disclosure: The Unauthorized Biography | Casey John Ellis | Nullcon Conference March 2021

My "office" setup

As WFH was going from novel to normal, the thought occurred to me that "virtual semiotics" was quickly going to become a thing... The equivalent of the how to dress, where to sit, how to speak type advice executives get taught, but for a world which is virtual by default.

vulnerability disclosure

TRANSCRIPT: Responsible Disclosure Programs with Katie Moussouris & Casey Ellis | 401 Access Denied Ep. 22

Katie Moussouris, Founder & CEO of Luta Security and Casey Ellis, Founder & CTO of Bugcrowd join Joe and Mike to talk all things responsibility disclosure – the good, the bad, and the ugly.

disclose.io

Establishing asset ownership in vulnerability reporting

The thing I see people get wrong most frequently in vulnerability reporting is being able to answer the question of ownership and "where to report my findings." Here are some practical tips for establishing ownership and thereby identifying the appropriate coordinator to contact.

vulnerability disclosure

Modes of Public Vulnerability Disclosure

A proposed taxonomy...Discovery: A finder discovers a vulnerability in an organization.Documentation: The finder generates information about the vulnerability in a vulnerability report.Distribution: The finder then chooses whether

becausemath

A thought re vulnerability research clustering

The fact that insecure software pipelines are exploitable feels a little like the idea that bugs exist in old F/OSS code, or that a chip design might not be 100% perfect. It's almost QED - but in the defensive realm, people weren't looking there.

election security

Krebs Has A Posse Swag on Redbubble

“Krebs has a Posse” stickers/swag are starting to circulate in North America, but I still get asked for them a lot, so here 'tis, in Redbubble store form!

thoughtops

Help! My Social Media has been hacked!

I know you do security stuff with computers and my Twitter/Facebook/Instagram/etc has been hacked! It's posting all kinds of strange stuff that isn't from me. What do I do to stop this???

thoughtops

Outrage is cheap

Outrage is cheap and of fleeting value. Introspection and change are expensive, precious, and resilient... and very easy to miss if everything is the other guy’s fault.

thoughtops

2020 Lernings for Make Benefit Glorious Year of 2021

My family and I are straight-up blessed with how we've fared this year, and I'm incredibly thankful for the myriad of people and things - but whichever way you cut it, 2020 was a dense and challenging year and not one I’d rush to repeat.

disclose.io

Transcription: [Van Buren v. United States] Oral Argument

The Supreme Court heard oral argument in Van Buren v. United States, a case concerning a statute of the Computer Fraud and Abuse Act (CFAA) and violations of terms of service agreements.

election security

DEF CON endorsed by POTUS!

Great news everyone: After years of steady work and deliberate improvement of relationships and trust between the hacker community and government officials, we've made it to the apex of the American org chart!

Krebs Has A Posse

press

How the Pandemic is Reshaping the Bug Bounty Landscape

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.

thoughtops

The Third-Quarter

"I'm exactly the same as I was nine months ago, but I'm also completely different."

press

VentureBeat: How ethical hackers are trying to protect the 2020 U.S. elections

“All software is vulnerable,” Bugcrowd CTO Casey Ellis said. “It just depends on how long you’re taking to look to find those vulnerabilities. Humans write code, and humans make mistakes.”

cybersecurity

Data is the new oil: Breach edition

Data is the new oil... It spills everywhere, trashes the environment, and is impossible to clean up. Think before you store.

bugcrowd

Cyber Talk Episode 14 w/ Pratik Dabhi

Cyber Talk EP14 - Casey Ellis talks about entrepreneurship, motivation, cybersecurity & @Bugcrowd

history

Vulnerability annihilation since 1851

"What Hobbs had in mind was not the usual cajoling of a provincial bank into an upgrade, but exposing weaknesses in the British Empire itself by revealing the faults of one of Day and Newell’s competitors."

election security

Iowa launches vulnerability disclosure program for election-related sites

The State of Iowa has partnered with Bugcrowd to launch a vulnerability disclosure program on election infrastructure.

history

Information Asymmetry and the 1950s Nuclear Bounty

Props to Matt Ploessel for calling out this one... I'd not heard of a bounty around nuclear weapons until today.

startups

Are you making a Walkman? Or an iPod?

When the walkman was introduced, it created a category. It's brand also became the term of description for that category.

policy

NIST SP 800-53 R5 adds Vulnerability Disclosure Programs

NIST SP 800-53 Revision 5 is yet another step towards the legitimization of the Internet’s Immune System. Everyone who has worked on legitimizing the work of good-faith hackers for the past 30 years or more can feel encouraged by this release.

thoughtops

Quick note for mentees

Seasoned experts get as much out of the “feet on the street” insights and energy of younger mentee as the mentee gets from their wisdom of the mentor.

thoughtops

4 Questions for Leaders

I had a coach share this with me a little while back and it resonated - It's a valuable and simple framework, and a good set of questions to always be in a position to answer.

Subscribe to caseyjohnellis