Skip to content
← home

tag

#learn

94 posts

Processing experience into insight - retrospectives, lessons

Security

Where the bloody hell were you — The Great 2020 COVID Bug-In

During Hacker Summer Camp, I was asked "where do you, uh, live now and stuff" a lot. Forgive this slightly indulgent post, but I wanted to blog a little bit of our story, and some of the thinking that went into executing our trans-pacific COVID bug-in back in 2020.…

20 Aug 2022 · 9 min read
Security

Two-thirds of ethical hackers considering bug bounty hunting as a full-time career

Casey Ellis, founder and CTO at Bugcrowd, said bug bounty hunters are ultimately entrepreneurs in their own right.…

30 May 2022 · 1 min read
Security

The Bar Fight Risk Taxonomy

After hearing "vulnerability" and "threat" used interchangeably for a >9,000th time I decided to do something about it, and the Bar Fight Risk Taxonomy was born.…

26 Jun 2021 · 4 min read
Building

My "office" setup — Part 2

This is a follow up from https://cje.io/2021/03/28/my-office-setup which is worth reading first if you haven't yet... Everything in Part 1 is still in play - Part 2 talks through some optimizations and a couple of additions.…

22 May 2021 · 4 min read
Building

Bugcrowd at AusCERT2021

AusCERT 2021 was a hybrid conference this year, and one of the first Australian cybersecurity conferences to resume in real life after the onset of the COVID pandemic. I was there representing Bugcrowd across three (!) separate sessions.…

19 May 2021 · 1 min read
Policy

How Governments are Running Effective Bug Bounty Programs

If you’re reading this article, statistically speaking your organization might be getting hacked. In the private sector, the Equifax hack and Intel’s…

16 May 2021 · 2 min read
Building

On disclosure, confidentiality, and norms…

A few weeks ago I was tagged by Art Manion of the CERT Coordination Center (CERT/CC) in a tweet asking about Bugcrowd’s…

16 May 2021 · 3 min read
Policy

Election Security 2020: Don’t Let Disinformation Undermine Your Right to Vote

A tweet of a voting machine that “looks like” it’s infected by ransomware could be as effective at deterring voter turnout and confidence as the real deal, which is a cost-effective and asymmetric means to manipulate election results.…

16 May 2021 · 2 min read
Security

On Project Zero's 90+30 vulnerability disclosure policy changes

Google is acknowledging the increasing prevalence of n-day exploitation in the wild, particularly over the past 18 months (e.g. the CISA/NSA memo) have taken their next step in refining how they strike balance between these forces.…

08 May 2021 · 4 min read
Security

Security Research and Disclosure: The Unauthorized Biography — Nullcon March 2021

Title: Security Research and Disclosure: The Unauthorized Biography | Casey John Ellis | Nullcon Conference March 2021…

16 Apr 2021 · 31 min read
Personal

My "office" setup

As WFH was going from novel to normal, the thought occurred to me that "virtual semiotics" was quickly going to become a thing... The equivalent of the how to dress, where to sit, how to speak type advice executives get taught, but for a world which is virtual by default.…

28 Mar 2021 · 9 min read
Policy

NIST: Vulnerability Disclosure as a Requirement for Every Organization

What is the NIST Cybersecurity  Framework? The NIST Cybersecurity Framework is a set of policies meant to help the private sector in strengthening their…

08 Mar 2021 · 2 min read