Nov 22, 2024 ∞

🔒 The 2024 edition of CWE Top 25 is published:

“But what about the OWASP Top 10?” Think of the OWASP list as more of an engagement and learning tool.

The CWE 25 can more effectively be used as a target list to build your evaluation, mitigation, and prevention.

Nov 12, 2024 ∞

🔒 Big improvements to calls in Signal: call links

Nov 4, 2024 ∞

🔒 Look ma, I clean up okay!

Oct 25, 2024 ∞

🔒🥃 Hey, you know how security teams are the worst and nobody wants to work with them?

Anyway, this is a signed going away present from the engineering platform and architecture leaders.

Definitely a keeper, even after it’s empty.

GlenDronach port wood bottle. “Thanks for everything. Good luck!” signed by 10 people in silver marker.

Oct 22, 2024 ∞

🔒 I’m at the CSO Conferencece and Awards.

Tomorrow, my team will be accepting a CSO50 award for our security automation platform that supports 4000 engineers and 7000 applications.

I’ve since left the company, but am here supporting my previous team. Proud of them!

Oct 5, 2024 ∞

🔒 Banks: practice internet safety!

Also banks: we won’t let you login if you are blocking junk in your browser or using a VPN

Sep 27, 2024 ∞

🔒 The opportunity: application threat modeling & secure design review is one of the highest value appsec/prodsec activities, but is hard to implement efficiently and at scale.

A bad solution: provide a long list of controls that need to be checked each time

A better solution: generate relevant security requirements automatically based on what’s being built

Met with primesec yesterday, and this is what they are trying to do! They are using LLM to read what’s in your user stories (etc.), summarizing the work for the security team, and injecting specific security control requirements.

If this catches even a small portion of the real requirements, it would be a major uplift for teams both from a security and efficiency perspective. Looking forward to checking it out.

Sep 26, 2024 ∞

🔒 Met with the folks from Pangea yesterday.

Looks like it could be an interesting solution for:

small developer orgs that don’t have time or expertise to deal with common security needs
large developer orgs that need consistency, scale, and governance of their security capabilities

Sep 25, 2024 ∞

🔒 Just left Silicon Valley Bank.

Did not know they still existed!

Sep 25, 2024 ∞

I’m at AppSec San Francisco this week.

Mute that “🔒” tagmoji if you don’t want to hear about it.

Send me a message if you want to meet up.

Jun 22, 2024 ∞

📚 The Coddling of the American Mind

Read: The Coddling of the American Mind by Greg Lukianoff and Jonathan Haidt

Recommended

My Reading Highlights and Notes

INTRODUCTION The Search for Wisdom

Read More →

Mar 31, 2024 ∞

🔒 OSS backdoors: the folly of the easy fix - lcamtuf’s thing

Even when it comes to lesser threats, the bottom line is that we have untold trillions of dollars riding on top of code developed by hobbyists. The companies profiting from this infrastructure can afford to thoroughly vet and monitor key dependencies on behalf of the community. To be sure, a comprehensive solution would be a difficult and costly undertaking — but it’s not any harder or costlier than large language models or self-driving cars.

Mar 27, 2024 ∞

🔒 Martin University adds cybersecurity and data analytic programs - Indianapolis Recorder

Feb 9, 2024 ∞

🔒 Guest lectured again. Had to be remote because COVID. The professor has a habit of getting a shot when I have a funny line on the slides.

Last time I was doing code/bug examples and my slide said “what could go wrong?”

This one is talking about rules of engagement and responsible disclosure.

Dec 6, 2023 ∞

🔒 23andMe wants us to accept new terms that change their “Dispute Resolution and Arbitration” process. I wonder what might have spurred that change?

Nov 23, 2023 ∞

How many of these can you answer about the bioregion where you live?

It seems appropriate that these questions came up (during my daily highlights review) on a colonial holiday. May we re-orient ourselves to deep connection over superficial exploitation.

Point north.
What time is sunset today?
Trace the water you drink from rainfall to your tap.
When you flush, where do the solids go? What happens to the waste water?
How many feet above sea level are you?
What spring wildflower is consistently among the first to bloom here?
How far do you have to travel before you reach a different watershed? Can you draw the boundaries of yours?
Is the soil under your feet, more clay, sand, rock or silt?
Before your tribe lived here, what did the previous inhabitants eat and how did they sustain themselves?
Name five native edible plants in your neighborhood and the season(s) they are available.
From what direction do storms generally come?
Where does your garbage go?
How many people live in your watershed?
Who uses the paper/plastic you recycle from your neighborhood?
Point to where the sun sets on the equinox. How about sunrise on the summer solstice?
Where is the nearest earthquake fault? When did it last move?
Right here, how deep do you have to drill before you reach water?
Which (if any) geological features in your watershed are, or were, especially respected by your community, or considered sacred, now or in the past?
How many days is the growing season here (from frost to frost)?
Name five birds that live here. Which are migratory and which stay put?
What was the total rainfall here last year?
Where does the pollution in your air come from?
If you live near the ocean, when is high tide today?
What primary geological processes or events shaped the land here?
Name three wild species that were not found here 500 years ago. Name one exotic species that has appeared in the last 5 years.
What minerals are found in the ground here that are (or were) economically valuable?
Where does your electric power come from and how is it generated?
After the rain runs off your roof, where does it go?
Where is the nearest wilderness? When was the last time a fire burned through it?
How many days till the moon is full?

The Bigger Here Bonus Questions:

What species once found here are known to have gone extinct?
What other cities or landscape features on the planet share your latitude?
What was the dominant land cover plant here 10,000 years ago?
Name two places on different continents that have similar sunshine/rainfall/wind and temperature patterns to here.

source

Jul 27, 2023 ∞

Indiana lawmakers could further dilute state wetlands protections following SCOTUS decision

As our weather gets worse, politicians do, too?

Jul 5, 2023 ∞

🕊️♻️ Good workshop on Climate Anxiety, Hope, and Resilience this morning. #MennoCon23

Once again I made the call to reorient our conferences and districts to our watersheds.

Mar 24, 2023 ∞

The White River Alliance is issuing an urgent action request to protect Indiana wetlands. This is important for flood & drought management, ecosystems, biodiversity, and much more.

A surprise amendment aimed at further reducing protection of wetlands in Indiana was added to unrelated Senate Bill 414 yesterday (March 22).&10;Ironically, this amendment to SB 414 comes only a few months after the Indiana Wetland Task Force issued its report emphasizing that Indiana could not afford to lose any more wetlands.&10;Our state legislators need to hear from constituents who want wetlands protected. Please reach out to vour state representative as soon as possible, and urge them to OPPOSE this legislation or to remove the wetland language.&10;This bill could be considered by the full Indiana House as soon as Monday, March 27, - so time is of the essence!

Feb 15, 2023 ∞

Positive legislative update courtesy of White River Alliance, regarding HB1639.