Recently there was a thread on Twitter I stuck my nose into about appsec and why it doesn’t work. I … More
Category: Security
Why you can’t backdoor cryptography
Once again the topic of backdooring cryptography is in the news. The same people will fight the same fight. Again. … More
The security of dependencies
So you’ve written some software. It’s full of open source dependencies. These days all software is full of open source, … More
Supplying the supply chain
A long time ago Marc Andreessen said “software is eating the world”. This statement ended up being quite profound in … More
Security isn’t a feature
As CES draws to a close, I’ve seen more than one security person complain that nobody at the show was … More
Misguided misguidings over the EU bug bounty
The EU recently announced they are going to sponsor a security bug bounty program for 14 open source projects in … More
What’s up with backdoored npm packages?
This is just how open source works, and that’s OK
