Building
Public Comment from Casey Ellis, Bugcrowd re DRAFT BOD 20-01
Dear Director Krebs and CISA/DHS team, Thank you for the opportunity to comment on this Binding Operational Directive...
Security
7. Expect and plan for mistakes. Expect mistakes, and plan to capture and mitigate them quickly. After all, to err is human. Establishing a vulnerability disclosure and/or bug bounty program to engage hackers to continuously assess newly cut code is an effective and scalable way to achieve this. Casey
Policy
Earlier this week, the National Institute of Standards and Technology (NIST) released Revision 5 of NIST Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations. This revision makes a tremendous step toward bringing the role of good-faith security researchers (or, as they prefer to be
Security
While it feels illegal to hang out with your friends right now, the pandemic is no match for the dedicated folks who unite for Black Hat and DEF CON every year. In 2020, both conferences are running virtually, highlighting the remarkable zeal with which security professionals and hackers continue to
Policy
"You've just found a bug on a company's website. What are the first three to five things you'll try in order to establish contact with them?"
Policy
About 18 months ago, I sat on Capitol Hill with a bunch of other badasses including Matt Blaze, Kimber Dowsett, Jack Cable, Alexander Romero, Leonard Bailey, and others, and talked to voting machine manufacturers and US states.
Security
tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP Port 0. Why? idk…
Security
I spend a lot of time looking at cybersecurity solutions and companies, partly on request, and partly because it always fascinates me to see people are attempting to solve big problems.
Personal
An active problem needs an active opposing response, a passive response will always allow the aggressor to succeed in the end.
Building
Simple is strong. Respect is key. Build it like you own it. Don’t be valuable, create value. Think like a hacker. 360-degree accountability.
Security
2020: Chaos is a Ladder As 2020 comes to a close, I’ve started to see summaries of the year pop up, covering lessons learned from the year nobody saw coming… As years go, 2020 was full of those! While I wish I could go back in time and tell