What the Netflix ‘Zero Day’ series got right about incident response
That said, the widespread nature of the effects shown in the six-part series are definitely plausible. Industrial control systems and the infrastructure that supports them are riddled with zero-day vulnerabilities, alongside the more common "known, yet unpatched" n-day vulnerabilities.
A few security predictions for 2025
It's that time of year again... Here are a few trends that I see making their presence felt
9 Must-See Talks at #hackersummercamp 2022
Here's a list of the talks that I'm going to get myself along to at Blackhat and DEF CON this year, and why...
Digital and Personal Self-Care at #hackersummersamp - "New Normalish" Edition
I usually write a piece for first-timers and newbies on how to get the most out of Hacker Summer Camp and how to stay safe digitally and physically. This tradition began in the early days of Bugcrowd, when DEF CON was part of new-hire induction.
What are the security risks of open sourcing the Twitter algorithm?
What are the security risks of open sourcing the Twitter algorithm?Experts debate whether open source Twitter is a net
[TRANSCRIPT] Threats that may have gone unnoticed by organizations during the pandemic
Casey Ellis, the founder, chairman and CTO of Bugcrowd, told SC Media Senior Reporter Joe Uchill that companies should think about the various threat scenarios that emerged over the last year that they may have missed as employees return to the office environment.
[TRANSCRIPT] Threat hunting in the age of work-from-home
Casey Ellis, the founder, chairman and CTO of Bugcrowd, told SC Media Senior Reporter Joe Uchill that there’s always going to be corporate infrastructure that provides information for a threat hunter, such as VPN, antivirus, and endpoint detection and response.
The Bar Fight Risk Taxonomy
After hearing "vulnerability" and "threat" used interchangeably for a >9,000th time I decided to do something about it, and the Bar Fight Risk Taxonomy was born.
On Project Zero's 90+30 vulnerability disclosure policy changes
Google is acknowledging the increasing prevalence of n-day exploitation in the wild, particularly over the past 18 months (e.g. the CISA/NSA memo) have taken their next step in refining how they strike balance between these forces.
Establishing asset ownership in vulnerability reporting
The thing I see people get wrong most frequently in vulnerability reporting is being able to answer the question of ownership and "where to report my findings." Here are some practical tips for establishing ownership and thereby identifying the appropriate coordinator to contact.
![[TRANSCRIPT] Threats that may have gone unnoticed by organizations during the pandemic](/content/images/size/w750/2021/08/Screen-Shot-2021-08-28-at-9.34.21-PM.png)
![[TRANSCRIPT] Threat hunting in the age of work-from-home](/content/images/size/w750/2021/08/Screen-Shot-2021-08-28-at-9.35.35-PM.png)
