tag
#learn
Processing experience into insight - retrospectives, lessons
Forbes: Accelerating secure software development
7. Expect and plan for mistakes. Expect mistakes, and plan to capture and mitigate them quickly. After all, to err is human. Establishing a…
NIST SP 800-53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls
Earlier this week, the National Institute of Science and Technology (NIST) released Revision 5 of NIST Special Publication (800–53) Guidelines Security and Privacy…
Help! I've found a vulnerability. What now?
"You've just found a bug on a company's website. What are the first three to five things you'll try in order to establish contact with them?"…
Disclose.io, VDP, Hackers, and voting
About 18 months ago, I sat in Capitol Hill with a bunch of other badasses including Matt Blaze, Kimber Dowsett, Jack Cable, Alexander Romero, Leonard Bailey, and others, and talked to voting machine manufacturers and US states.…
WTF is happening on tcp:0? 2020 edition — Update 1
tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP Port 0. Why? idk……
WTF is happening on tcp:0? 2020 edition
tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP Port 0. Why? idk……
A few good cybersecurity companies
I spend a lot of time looking at cybersecurity solutions and companies, partly on request, and partly because it always fascinates me to see people are attempting to solve big problems.…
On not being not-racist
An active problem needs an active opposing response, a passive response will always allow the aggressor to succeed in the end.…
First principles
Simple is strong. Respect is key. Build it like you own it. Don’t be valuable, create value. Think like a hacker. 360-degree accountability.…
Priority One: Insights into Submission and Payment Trends
2020: Chaos is a Ladder As 2020 comes to a close, I’ve started to see summaries of the year pop up, covering lessons…
To err is human — Kerckhoffs' Principle in Software Transparency
Shannon and Kerckhoff were pioneers of disclosure thinking — They understood the concept of “build it like it’s broken”. This was especially true in WWII cryptography, but it’s becoming increasingly clear in its relevance to the 'peacetime' software that we use today.…
Hacking styles
Broadly, there are two things that come into play when it comes to the style a person applies to hacking: The level of experience, and the overall wiring of the hacker.…