And now, for something completely different!
I've always urged the importance for practitioners to understand the underlying technology that they're challenged with defending. When we're yelling at the Linux admins and DevOps folks to "just patch it", what does that process entail? How do those patches get applied? When and how are they released i...
Google replacing SMS with QR codes for authentication, MS pulls a VSCode extension due to red flags, threat modeling with TRAIL, threat modeling the Bybit hack, malicious models and malicious AMIs, and more!
Curl and libcurl are everywhere. Not only has the project maintained success for almost three decades now, but it's done that while being written in C. Daniel Stenberg talks about the challenges in dealing with appsec, the design philosophies that keep it secure, and fostering a community to create one of the most recognizable open source projects ...