vulnerability-disclosure

09 Aug - Forbes: Accelerating secure software development

7. Expect and plan for mistakes. Expect mistakes, and plan to capture and mitigate them quickly. After all, to err
1 min read
07 Aug - NIST SP 800-53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls

Earlier this week, the National Institute of Standards and Technology (NIST) released Revision 5 of NIST Special Publication 800-53
4 min read
06 Aug - DEF CON Black Hat 2020: Top 10 Tips

While it feels illegal to hang out with your friends right now, the pandemic is no match for the dedicated
3 min read
04 Aug - Disclose.io, VDP, Hackers, and voting

About 18 months ago, I sat on Capitol Hill with a bunch of other badasses including Matt Blaze, Kimber Dowsett, Jack Cable, Alexander Romero, Leonard Bailey, and others, and talked to voting machine manufacturers and US states.
2 min read
04 Aug - Help! I've found a vulnerability. What now?

"You've just found a bug on a company's website. What are the first three to five things you'll try in order to establish contact with them?"
1 min read
29 Jul - WTF is happening on tcp:0? 2020 edition

tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP port 0. Why? idk…
3 min read
16 May - Priority One: Insights into Submission and Payment Trends

2020: Chaos is a Ladder. As 2020 comes to a close, I’ve started to see summaries of the year
3 min read
08 Apr - To err is human - Kerckhoffs' Principle in Software Transparency

Shannon and Kerckhoffs were pioneers of disclosure thinking: they understood the concept of “build it like it’s broken”. This was especially true in WWII cryptography, but it’s becoming increasingly clear in its relevance to the 'peacetime' software that we use today.
2 min read
29 Mar - Hacking styles

Broadly, there are two things that come into play when it comes to the style a person applies to hacking: the level of experience, and the overall wiring of the hacker.
1 min read
28 Mar - A message to folks providing "free testing" at the moment

TL;DR: If you’re performing any active, unsanctioned testing on healthcare systems: please stop it. Don’t make their job any harder than it is right now.
1 min read