On Project Zero’s 90+30 vulnerability disclosure policy changes
I was asked a few questions by Lindsay O’Donnell of the awesome Decipher Bureau regarding Google Project Zero’s changes to their default…
May 8, 2021

My “office” setup
tl;dr: If you want the tech list, jump straight to the middle. The front is about how choices were made and what I was optimizing for, and…
Mar 28, 2021

NIST: Vulnerability Disclosure as a Requirement for Every Organization
The NIST Cybersecurity Framework is a set of policies meant to help the private sector in strengthening their cybersecurity readiness and…
Mar 8, 2021

NIST SP 800–53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls |…
What are the changes?
Oct 7, 2020

Information Asymmetry and the 1950s Nuclear Bounty
The idea of a bounty (or, more specifically, payment-for-success incentives designed to reduce information asymmetry) predate…
Sep 30, 2020

Response to Voatz’s Supreme Court Amicus Brief
Published in disclose.io
September 14, 2020
Sep 24, 2020

Online-voting company pushes to make it harder for researchers to find security flaws
This story is part of Elections 2020, CNET’s coverage of the run-up to voting in November.
Sep 3, 2020