The Bar Fight Risk Taxonomy
After hearing "vulnerability" and "threat" used interchangeably for the >9,000th time, I decided to do something about it, and the Bar Fight Risk Taxonomy was born.
The iOS FaceTime vulnerability: What it means and what you can do to protect yourself
Yesterday news broke that a bug in FaceTime that allows callers to listen to the audio of the person they
Election Security 2020: Don’t Let Disinformation Undermine Your Right to Vote
A tweet of a voting machine that “looks like” it’s infected by ransomware could be as effective at deterring voter turnout and confidence as the real deal, which is a cost-effective and asymmetric means to manipulate election results.
On Project Zero's 90+30 vulnerability disclosure policy changes
Google, acknowledging the increasing prevalence of n-day exploitation in the wild, particularly over the past 18 months (e.g. the CISA/NSA memo), has taken their next step in refining how they strike a balance between these forces.
NIST: Vulnerability Disclosure as a Requirement for Every Organization
What is the NIST Cybersecurity Framework?
The NIST Cybersecurity Framework is a set of policies meant to help the private
Responsible Disclosure Programs with Katie Moussouris & Casey Ellis | 401 Access Denied Ep. 22
Katie Moussouris, Founder & CEO of Luta Security, and Casey Ellis, Founder & CTO of Bugcrowd, join Joe and Mike to talk all things responsible disclosure – the good, the bad, and the ugly.
Help! My Social Media has been hacked!
I know you do security stuff with computers and my Twitter/Facebook/Instagram/etc has been hacked! It's posting all kinds of strange stuff that isn't from me. What do I do to stop this???
Van Buren v. United States - Oral Argument
The Supreme Court heard oral argument in Van Buren v. United States, a case concerning a statute of the Computer Fraud and Abuse Act (CFAA) and violations of terms of service agreements.
DEF CON endorsed by POTUS!
Great news everyone: After years of steady work and deliberate improvement of relationships and trust between the hacker community and government officials, we've made it to the apex of the American org chart!
VentureBeat: How ethical hackers are trying to protect the 2020 U.S. elections
“All software is vulnerable,” Bugcrowd CTO Casey Ellis said. “It just depends on how long you’re taking to look to find those vulnerabilities. Humans write code, and humans make mistakes.”