Part 1: Is your security scanner running? You better go catch it!

This post is the first part in a series on automated security scanners. I explain some of the ideas and goals in the intro post; rather than rehash that post as filler, just go read it, since rehashing content isn’t exciting. There are different kinds of security scanners, but the problem with all of them is

Supplying the supply chain

A long time ago Marc Andreessen said “software is eating the world”. This statement ended up being quite profound in hindsight, as most profound statements are. At the time nobody really understood what he meant, and it probably wasn’t until the public cloud caught on that it became something nobody could ignore. The future of

Misguided misguidings over the EU bug bounty

The EU recently announced they are going to sponsor a security bug bounty program for 14 open source projects in 2019. There has been quite a bit of buzz about this program in all the usual places. The opinions are all over the place. Some people wonder why those 14, some wonder why not more.