caseyjohnellisOn Project Zero’s 90+30 vulnerability disclosure policy changesI was asked a few questions by Lindsay O’Donnell of the awesome Decipher Bureau regarding Google Project Zero’s changes to their default…5 min read·May 8, 2021----
caseyjohnellisMy “office” setuptl;dr: If you want the tech list, jump straight to the middle. The front is about how choices were made and what I was optimizing for, and…8 min read·Mar 28, 2021----
caseyjohnellisNIST: Vulnerability Disclosure as a Requirement for Every OrganizationThe NIST Cybersecurity Framework is a set of policies meant to help the private sector in strengthening their cybersecurity readiness and…3 min read·Mar 8, 2021----
caseyjohnellisNIST SP 800–53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls |…What are the changes?3 min read·Oct 7, 2020----
caseyjohnellisInformation Asymmetry and the 1950s Nuclear BountyThe idea of a bounty (or, more specifically, payment-for-success incentives designed to reduce information asymmetry) predate…4 min read·Sep 30, 2020----
caseyjohnellisindisclose.ioResponse to Voatz’s Supreme Court Amicus BriefSeptember 14, 202011 min read·Sep 24, 2020----
caseyjohnellisOnline-voting company pushes to make it harder for researchers to find security flawsThis story is part of Elections 2020, CNET’s coverage of the run-up to voting in November.3 min read·Sep 3, 2020----