Learn
Processing experience into insight - retrospectives, lessons
My "office" setup
As WFH was going from novel to normal, the thought occurred to me that "virtual semiotics" was quickly going to become a thing... The equivalent of the how to dress, where to sit, how to speak type advice executives get taught, but for a world which is virtual by default.
NIST: Vulnerability Disclosure as a Requirement for Every Organization
What is the NIST Cybersecurity Framework? The NIST Cybersecurity Framework is a set of policies meant to help the private sector in strengthening their cybersecurity r
Responsible Disclosure Programs with Katie Moussouris & Casey Ellis | 401 Access Denied Ep. 22
Katie Moussouris, Founder & CEO of Luta Security, and Casey Ellis, Founder & CTO of Bugcrowd, join Joe and Mike to talk all things responsible disclosure – the good, the bad, and the ugly.
Establishing asset ownership in vulnerability reporting
The thing I see people get wrong most frequently in vulnerability reporting is being able to answer the question of ownership and "where to report my findings." Here are some practical tips for establishing ownership and thereby identifying the appropriate coordinator to contact.
Modes of Public Vulnerability Disclosure
A proposed taxonomy... Discovery, Documentation, Distribution.
A thought re vulnerability research clustering
The fact that insecure software pipelines are exploitable feels a little like the idea that bugs exist in old F/OSS code, or that a chip design might not be 100% perfect. It's almost QED - but in the defensive realm, people weren't looking there.
Help! My Social Media has been hacked!
I know you do security stuff with computers and my Twitter/Facebook/Instagram/etc has been hacked! It's posting all kinds of strange stuff that isn't from me. What do I do to stop this???
Outrage is cheap
Outrage is cheap and of fleeting value. Introspection and change are expensive, precious, and resilient... and very easy to miss if everything is the other guy’s fault.
2020 Lernings for Make Benefit Glorious Year of 2021
My family and I are straight-up blessed with how we've fared this year, and I'm incredibly thankful for the myriad of people and things - but whichever way you cut it, 2020 was a dense and challenging year and not one I’d rush to repeat.
Van Buren v. United States — Oral Argument
The Supreme Court heard oral argument in Van Buren v. United States, a case concerning a statute of the Computer Fraud and Abuse Act (CFAA) and violations of terms of service agreements.
DEF CON endorsed by POTUS!
Great news everyone: After years of steady work and deliberate improvement of relationships and trust between the hacker community and government officials, we've made it to the apex of the American org chart!