The Original Bug Bounty: Alfred Hobbs and the Great Lock Controversy of 1851
There’s a recurring theme in the world of security, whether physical or digital: the assumption of invulnerability. It’s a dangerous…
Mar 9

On Project Zero’s 90+30 vulnerability disclosure policy changes
I was asked a few questions by Lindsay O’Donnell of the awesome Decipher Bureau regarding Google Project Zero’s changes to their default…
May 8, 2021

My “office” setup
tl;dr: If you want the tech list, jump straight to the middle. The front is about how choices were made and what I was optimizing for, and…
Mar 28, 2021

NIST: Vulnerability Disclosure as a Requirement for Every Organization
The NIST Cybersecurity Framework is a set of policies meant to help the private sector in strengthening their cybersecurity readiness and…
Mar 8, 2021

NIST SP 800-53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls |…
What are the changes?
Oct 7, 2020

Information Asymmetry and the 1950s Nuclear Bounty
The idea of a bounty (or, more specifically, payment-for-success incentives designed to reduce information asymmetry) predate…
Sep 30, 2020

Response to Voatz’s Supreme Court Amicus Brief
Published in disclose.io
September 14, 2020
Sep 24, 2020