tag
#learn
Processing experience into insight - retrospectives, lessons
VentureBeat: How ethical hackers are trying to protect the 2020 U.S. elections
“All software is vulnerable,” Bugcrowd CTO Casey Ellis said. “It just depends on how long you’re taking to look to find those vulnerabilities. Humans write code, and humans make mistakes.”…
Data is the new oil: Breach edition
Data is the new oil... It spills everywhere, trashes the environment, and is impossible to clean up. Think before you store.…
Vulnerability annihilation since 1851
"What Hobbs had in mind was not the usual cajoling of a provincial bank into an upgrade, but exposing weaknesses in the British Empire itself by revealing the faults of one of Day and Newell’s competitors."…
Information Asymmetry and the 1950s Nuclear Bounty
Props to Matt Ploessel for calling out this one... I'd not heard of a bounty around nuclear weapons until today.…
Are you making a Walkman? Or an iPod?
When the walkman was introduced, it created a category. It's brand also became the term of description for that category.…
NIST SP 800-53 R5 adds Vulnerability Disclosure Programs
NIST SP 800-53 Revision 5 is yet another step towards the legitimization of the Internet’s Immune System. Everyone who has worked on legitimizing the work of good-faith hackers for the past 30 years or more can feel encouraged by this release.…
Quick note for mentees
Seasoned experts get as much out of the “feet on the street” insights and energy of younger mentee as the mentee gets from their wisdom of the mentor.…
4 Questions for Leaders
I had a coach share this with me a little while back and it resonated - It's a valuable and simple framework, and a good set of questions to always be in a position to answer.…
Techcrunch: Use ‘productive paranoia’ to build cybersecurity culture at your startup
At TechCrunch Early Stage, we asked Casey Ellis, founder, chairman and chief technology officer at Bugcrowd, to share his ideas for how startups can improve their security posture.…
The Nth Country Experiment and Coincident Vulnerability Discovery
Nth Country Experiment - Nuclear MuseumCould any country with the right knowledge and technology build a nuclear bomb? From May 1964 to April 1967, the…
Group Letter re IoT Cybersecurity Improvement Act (H.R. 1668)
We the undersigned cybersecurity companies and professionals write to express strong support for the IoT Cybersecurity Improvement Act (H.R. 1668). We respectfully urge you and your colleagues to support expedited passage of the bill before the end of the 116th Congress.…
Public Comment from Casey Ellis, Bugcrowd re DRAFT BOD 20-01
Dear Director Krebs and CISA/DHS team, Thank you for the opportunity to comment on this Binding Operational Directive...…