cybersecurity Data is the new oil: Breach edition Data is the new oil... It spills everywhere, trashes the environment, and is impossible to clean up. Think before you store.
bugcrowd Cyber Talk Episode 14 w/ Pratik Dabhi Cyber Talk EP14 - Casey Ellis talks about entrepreneurship, motivation, cybersecurity & @Bugcrowd
history Vulnerability annihilation since 1851 "What Hobbs had in mind was not the usual cajoling of a provincial bank into an upgrade, but exposing weaknesses in the British Empire itself by revealing the faults of one of Day and Newell’s competitors."
election security Iowa launches vulnerability disclosure program for election-related sites The State of Iowa has partnered with Bugcrowd to launch a vulnerability disclosure program on election infrastructure.
history Information Asymmetry and the 1950s Nuclear Bounty Props to Matt Ploessel for calling out this one... I'd not heard of a bounty around nuclear weapons until today.
startups Are you making a Walkman? Or an iPod? When the walkman was introduced, it created a category. It's brand also became the term of description for that category.
policy NIST SP 800-53 R5 adds Vulnerability Disclosure Programs NIST SP 800-53 Revision 5 is yet another step towards the legitimization of the Internet’s Immune System. Everyone who has worked on legitimizing the work of good-faith hackers for the past 30 years or more can feel encouraged by this release.
thoughtops Quick note for mentees Seasoned experts get as much out of the “feet on the street” insights and energy of younger mentee as the mentee gets from their wisdom of the mentor.
thoughtops 4 Questions for Leaders I had a coach share this with me a little while back and it resonated - It's a valuable and simple framework, and a good set of questions to always be in a position to answer.
press Techcrunch: Use ‘productive paranoia’ to build cybersecurity culture at your startup At TechCrunch Early Stage, we asked Casey Ellis, founder, chairman and chief technology officer at Bugcrowd, to share his ideas for how startups can improve their security posture.
bugcrowd Public Comment from Casey Ellis, Bugcrowd re DRAFT BOD 20-01 Dear Director Krebs and CISA/DHS team, Thank you for the opportunity to comment on this Binding Operational Directive...
press Forbes: Accelerating secure software development 7. Expect and plan for mistakes. Expect mistakes, and plan to capture and mitigate them quickly. After all, to err is human. Establishing a vulnerability disclosure and/or bug bounty
policy Disclose.io, VDP, Hackers, and voting About 18 months ago, I sat in Capitol Hill with a bunch of other badasses including Matt Blaze, Kimber Dowsett, Jack Cable, Alexander Romero, Leonard Bailey, and others, and talked to voting machine manufacturers and US states.
cybersecurity Help! I've found a vulnerability. What now? "You've just found a bug on a company's website. What are the first three to five things you'll try in order to establish contact with them?"
research WTF is happening on tcp:0? 2020 edition - Update 1 tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP Port 0. Why? idk…
research WTF is happening on tcp:0? 2020 edition tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP Port 0. Why? idk…
cybersecurity A few good cybersecurity companies I spend a lot of time looking at cybersecurity solutions and companies, partly on request, and partly because it always fascinates me to see people are attempting to solve big problems.
black lives matter On not being not-racist An active problem needs an active opposing response, a passive response will always allow the aggressor to succeed in the end.
startups First principles Simple is strong. Respect is key. Build it like you own it. Don’t be valuable, create value. Think like a hacker. 360-degree accountability.
cybersecurity To err is human - Kerckhoff's Principle in Software Transparency Shannon and Kerckhoff were pioneers of disclosure thinking — They understand the concept of “build it like it’s broken”. This was especially true in WWII cryptography, but it’s becoming increasingly clear in it’s relevance to the “peacetime” software that we use today.
bugcrowd Hacking styles Broadly, there are two things that come into play when it comes to the style a person applies to hacking: The level of experience, and the overall wiring of the hacker.
covid19 A message to folks providing "free testing" at the moment TLDR: If you’re performing any active, unsanctioned testing on healthcare systems: Please stop it. Don’t make their job any harder than it is right now.
covid19 COVID-19/Coronavirus - What are the bad guys up to? As expected, the covid19 pandemic has out brought some of the Internet’s worst. I’ve been working with several groups to information share and fight back on this stuff, including the COVID-19 CTI Group.
covid19 Changes You know that awkward thing at the moment when you see someone and go to shake their hand or hug them, then pull away… and then feel like a jerk because of the implied social signal? Is this bow too close?Literally the entire
startups The importance of delivering well In general, people like to be think they have the ability to assess risk… you see it in kids jumping over puddles, you see it in adults with the stock market. Society looks up to those who’ve taken a measured gamble and won,
