Skip to content
← home

tag

#learn

94 posts

Processing experience into insight - retrospectives, lessons

Policy

Responsible Disclosure Programs with Katie Moussouris & Casey Ellis | 401 Access Denied Ep. 22

Katie Moussouris, Founder & CEO of Luta Security and Casey Ellis, Founder & CTO of Bugcrowd join Joe and Mike to talk all things responsibility disclosure – the good, the bad, and the ugly.…

26 Feb 2021 · 59 min read
Policy

Establishing asset ownership in vulnerability reporting

The thing I see people get wrong most frequently in vulnerability reporting is being able to answer the question of ownership and "where to report my findings." Here are some practical tips for establishing ownership and thereby identifying the appropriate coordinator to contact.…

22 Feb 2021 · 3 min read
Policy

Modes of Public Vulnerability Disclosure

A proposed taxonomy... Discovery, Documentation, Distribution.…

20 Feb 2021 · 3 min read
Security

A thought re vulnerability research clustering

The fact that insecure software pipelines are exploitable feels a little like the idea that bugs exist in old F/OSS code, or that a chip design might not be 100% perfect. It's almost QED - but in the defensive realm, people weren't looking there.…

10 Feb 2021 · 3 min read
Security

Help! My Social Media has been hacked!

I know you do security stuff with computers and my Twitter/Facebook/Instagram/etc has been hacked! It's posting all kinds of strange stuff that isn't from me. What do I do to stop this???…

11 Jan 2021 · 7 min read
Personal

Outrage is cheap

Outrage is cheap and of fleeting value. Introspection and change are expensive, precious, and resilient... and very easy to miss if everything is the other guy’s fault.…

09 Jan 2021 · 2 min read
Personal

2020 Lernings for Make Benefit Glorious Year of 2021

My family and I are straight-up blessed with how we've fared this year, and I'm incredibly thankful for the myriad of people and things - but whichever way you cut it, 2020 was a dense and challenging year and not one I’d rush to repeat.…

31 Dec 2020 · 1 min read
Security

Van Buren v. United States — Oral Argument

The Supreme Court heard oral argument in Van Buren v. United States, a case concerning a statute of the Computer Fraud and Abuse Act (CFAA) and violations of terms of service agreements.…

01 Dec 2020 · 41 min read
Policy

DEF CON endorsed by POTUS!

Great news everyone: After years of steady work and deliberate improvement of relationships and trust between the hacker community and government officials, we've made it to the apex of the American org chart!…

14 Nov 2020 · 6 min read
Security

Krebs Has A Posse

14 Nov 2020 · 1 min read
Building

How the Pandemic is Reshaping the Bug Bounty Landscape

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.…

28 Oct 2020 · 2 min read
Personal

The Third-Quarter

"I'm exactly the same as I was nine months ago, but I'm also completely different."…

25 Oct 2020 · 1 min read