caseyjohnellisOn Project Zero’s 90+30 vulnerability disclosure policy changesI was asked a few questions by Lindsay O’Donnell of the awesome Decipher Bureau regarding Google Project Zero’s changes to their default…May 8, 2021May 8, 2021
caseyjohnellisMy “office” setuptl;dr: If you want the tech list, jump straight to the middle. The front is about how choices were made and what I was optimizing for, and…Mar 28, 2021Mar 28, 2021
caseyjohnellisNIST: Vulnerability Disclosure as a Requirement for Every OrganizationThe NIST Cybersecurity Framework is a set of policies meant to help the private sector in strengthening their cybersecurity readiness and…Mar 8, 2021Mar 8, 2021
caseyjohnellisNIST SP 800–53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls |…What are the changes?Oct 7, 2020Oct 7, 2020
caseyjohnellisInformation Asymmetry and the 1950s Nuclear BountyThe idea of a bounty (or, more specifically, payment-for-success incentives designed to reduce information asymmetry) predate…Sep 30, 2020Sep 30, 2020
caseyjohnellisindisclose.ioResponse to Voatz’s Supreme Court Amicus BriefSeptember 14, 2020Sep 24, 2020Sep 24, 2020
caseyjohnellisOnline-voting company pushes to make it harder for researchers to find security flawsThis story is part of Elections 2020, CNET’s coverage of the run-up to voting in November.Sep 3, 2020Sep 3, 2020