Skip to content
← home

tag

#learn

94 posts

Processing experience into insight - retrospectives, lessons

Security

Forbes: Accelerating secure software development

7. Expect and plan for mistakes. Expect mistakes, and plan to capture and mitigate them quickly. After all, to err is human. Establishing a…

09 Aug 2020 · 1 min read
Policy

NIST SP 800-53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls

Earlier this week, the National Institute of Science and Technology (NIST) released Revision 5 of NIST Special Publication (800–53) Guidelines Security and Privacy…

07 Aug 2020 · 4 min read
Policy

Help! I've found a vulnerability. What now?

"You've just found a bug on a company's website. What are the first three to five things you'll try in order to establish contact with them?"…

04 Aug 2020 · 1 min read
Policy

Disclose.io, VDP, Hackers, and voting

About 18 months ago, I sat in Capitol Hill with a bunch of other badasses including Matt Blaze, Kimber Dowsett, Jack Cable, Alexander Romero, Leonard Bailey, and others, and talked to voting machine manufacturers and US states.…

04 Aug 2020 · 2 min read
Security

WTF is happening on tcp:0? 2020 edition — Update 1

tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP Port 0. Why? idk……

03 Aug 2020 · 1 min read
Building

WTF is happening on tcp:0? 2020 edition

tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP Port 0. Why? idk……

29 Jul 2020 · 3 min read
Security

A few good cybersecurity companies

I spend a lot of time looking at cybersecurity solutions and companies, partly on request, and partly because it always fascinates me to see people are attempting to solve big problems.…

17 Jul 2020 · 4 min read
Personal

On not being not-racist

An active problem needs an active opposing response, a passive response will always allow the aggressor to succeed in the end.…

08 Jun 2020 · 2 min read
Building

First principles

Simple is strong. Respect is key. Build it like you own it. Don’t be valuable, create value. Think like a hacker. 360-degree accountability.…

26 May 2020 · 1 min read
Security

Priority One: Insights into Submission and Payment Trends

2020: Chaos is a Ladder As 2020 comes to a close, I’ve started to see summaries of the year pop up, covering lessons…

16 May 2020 · 3 min read
Security

To err is human — Kerckhoffs' Principle in Software Transparency

Shannon and Kerckhoff were pioneers of disclosure thinking — They understood the concept of “build it like it’s broken”. This was especially true in WWII cryptography, but it’s becoming increasingly clear in its relevance to the 'peacetime' software that we use today.…

08 Apr 2020 · 2 min read
Security

Hacking styles

Broadly, there are two things that come into play when it comes to the style a person applies to hacking: The level of experience, and the overall wiring of the hacker.…

29 Mar 2020 · 1 min read