The technical heart: vulnerability research, disclosure, threat analysis, the craft of finding and fixing
Security
During Hacker Summer Camp, I was asked "where do you, uh, live now and stuff" a lot. Forgive this slightly indulgent post, but I wanted to blog a little bit of our story, and some of the thinking that went into executing our trans-pacific COVID bug-in back in 2020.
Security
Here's a list of the talks that I'm going to get myself along to at Blackhat and DEF CON this year, and why...
Security
I usually write a piece for first-timers and newbies on how to get the most out of Hacker Summer Camp and how to stay safe digitally and physically. This tradition began in the early days of Bugcrowd, when DEF CON was part of new-hire induction.
Security
Casey Ellis, founder and CTO at Bugcrowd, said bug bounty hunters are ultimately entrepreneurs in their own right.
![[TRANSCRIPT] Threats that may have gone unnoticed by organizations during the pandemic](https://storage.ghost.io/c/ec/8a/ec8abb38-39b9-4422-95b9-695b2a5e652e/content/images/size/w600/2021/08/Screen-Shot-2021-08-28-at-9.34.21-PM.png)
Security
Casey Ellis, the founder, chairman and CTO of Bugcrowd, told SC Media Senior Reporter Joe Uchill that companies should think about the various threat scenarios that emerged over the last year that they may have missed as employees return to the office environment.
![[TRANSCRIPT] Threat hunting in the age of work-from-home](https://storage.ghost.io/c/ec/8a/ec8abb38-39b9-4422-95b9-695b2a5e652e/content/images/size/w600/2021/08/Screen-Shot-2021-08-28-at-9.35.35-PM.png)
Security
Casey Ellis, the founder, chairman and CTO of Bugcrowd, told SC Media Senior Reporter Joe Uchill that there’s always going to be corporate infrastructure that provides information for a threat hunter, such as VPN, antivirus, and endpoint detection and response.
Security
On this roundtable episode of IT Visionaries, we explore the impact A.I. and technology are having on society and cybersecurity with Casey Ellis, the founder and CTO of Bugcrowd and Malcolm Harkins, a cybersecurity advisor, coach and board member.
Security
After hearing "vulnerability" and "threat" used interchangeably for a >9,000th time I decided to do something about it, and the Bar Fight Risk Taxonomy was born.
Security
Google is acknowledging the increasing prevalence of n-day exploitation in the wild, particularly over the past 18 months (e.g. the CISA/NSA memo) have taken their next step in refining how they strike balance between these forces.
Security
Title: Security Research and Disclosure: The Unauthorized Biography | Casey John Ellis | Nullcon Conference March 2021
Security
The fact that insecure software pipelines are exploitable feels a little like the idea that bugs exist in old F/OSS code, or that a chip design might not be 100% perfect. It's almost QED - but in the defensive realm, people weren't looking there.
Security
I know you do security stuff with computers and my Twitter/Facebook/Instagram/etc has been hacked! It's posting all kinds of strange stuff that isn't from me. What do I do to stop this???