Stanford Internet Observatory Research Scholar [Riana Pfefferkorn](https://twitter.com/Riana_Crypto) shares her thoughts on legal implications of the Cellebrite hack.
A roadmap for establishing a cloud security program + a task list, thoughts on measuring security, the legal implications of Signal's Cellebrite hack.
Benchmarking infra as code scanning tools, offense-focused Jenkins tools, and principles that can help scale security.
An excellent Twitter thread by Dev Akhawe on the value of making this switch, and challenges and lessons learned along the way.
Detecting dependency confusion across many ecosystems, getting started in tech or security, the middle of VCs and products are dying.
Requirements of modern security tooling, graphing your dependencies and their vulnerabilities in Neo4J, and remembering a man who helped so many.
Signal creator finds bugs in Cellebrite, recommendations on hardening CI, using Okta to secure access to AWS accounts at scale.
In the wake of SolarWinds, Dino Dai Zovi describes how he recommends hardening your CI environment.
Moar evidence against memory unsafe languages, the power of secure reference architectures, and leveraging OpenAPI specs to more effectively detect attack surface.
[tl;dr sec] #78 - Scaling Threat Modeling at Segment, Bootstrapping vs VCs
Three new OAuth2 and OpenID Connect vulnerabilities, great intro/overview of networking concepts, security manager interviews & advancing your career in security.
An argument for why secure design + threat modeling is higher ROI than patching, making code signing easy, finding regex bugs with regexploit or fuzzing.
