In Case You Haven’t Heard, These Cloud and Big Data Things are REALLY Cool

Having spent the last 10 years or so working with technology on a day-to-day basis, I thought I’d seen a good deal of “Woah, that is cool” moments. These moments range from just discovering modern day technology (the fact that companies made billions on database software blew my much younger mind for about a week) to more niche discoveries (my first identified SQL Injection vulnerability was a doozie, and I didn’t even know it had a name until two years later!)

Security Debt and Vulnerability Supply Chains

I thought the vendor testing angle could be interesting. We had just launched our VAST program so the topic made our marketing folks happy, but also because I think the supply chain analogy can be an interesting lens to view the security industry. We can think about the software supply chain as the vulnerability supply chain.

Software Security Needs Its Nate Silver

Nate Silver, the rock star statistician behind the New York Times FiveThirtyEight blog, became an unwilling player in the heated political rhetoric ahead of the Nov 6. Presidential election. Silver covers politics and other news from the viewpoint of a statistician: putting the rhetoric and the political consultant’s alchemy aside to look at the numbers.

Help Veracoders Raise Money for Movember

What is Movember?

“Since its humble beginnings in Melbourne, Australia, Movember has grown to become a truly global movement inspiring more than 1.9 Million Mo Bros and Mo Sistas to participate with formal campaigns in Australia, New Zealand, the US, Canada, the UK, South Africa, Ireland, Finland, the Netherlands, Spain, Denmark, Norway, Belgium and the Czech Republic. In addition, Movember is aware of Mo Bros and Mo Sistas supporting the campaign and men’s health cause across the globe..

Verifiable Voting Loses (Again) On Election Day

Tuesday’s Presidential election in the U.S. didn’t result in deadlocked vote counts, hanging chads or court challenges. But all the ingredients were there. First among them: a hackeneyed and insecure vote collection system that fails to protect the integrity of votes.

Automation, Dog Food and a Security State of Mind

Something unusual happened recently: I found an XSS problem in the web application controlling our security scans.

Let’s set the stage; I started using the Internet before it was called the Internet. I had some informal security training in college and graduate school, but when I started my first job my boss said “I’m going to make you a security expert.” I’ve used that security training, and kept learning more, in the jobs I’ve had in the thirty years since then.

Security Headers on the Top 1,000,000 Websites

I would like to share with you all the results of my scan and review of the Alexa Top 1,000,000 Sites HTTP response headers as they relate to security. I was mostly curious about which sites were using Content Security Policy (CSP) but ended up becoming more interested in all of the various modern day security headers that sites specify. The results were pretty impressive and I certainly learned a lot from it.

1 26 27 28 29 30 68