An excellent Twitter thread by Dev Akhawe on the value of making this switch, and challenges and lessons learned along the way.
Detecting dependency confusion across many ecosystems, getting started in tech or security, and why the middle of the VC and product market is dying.
Requirements of modern security tooling, graphing your dependencies and their vulnerabilities in Neo4j, and remembering a man who helped so many.
Signal creator finds bugs in Cellebrite, recommendations on hardening CI, using Okta to secure access to AWS accounts at scale.
In the wake of SolarWinds, Dino Dai Zovi describes how he recommends hardening your CI environment.
Moar evidence against memory-unsafe languages, the power of secure reference architectures, and leveraging OpenAPI specs to more effectively detect attack surface.
[tl;dr sec] #78 - Scaling Threat Modeling at Segment, Bootstrapping vs VCs
Three new OAuth2 and OpenID Connect vulnerabilities, great intro/overview of networking concepts, security manager interviews & advancing your career in security.
An argument for why secure design + threat modeling is higher ROI than patching, making code signing easy, finding regex bugs with regexploit or fuzzing.
How Netflix enables development velocity + security with ConsoleMe, Spectre PoC and proposed defenses, and why speed is a superpower.
AWS security for small teams & Well-Architected resources, NFT overview, tools for creating and detecting deepfakes.
JSON libraries parse differently and that can lead to bugs, a number of career advice resources, and how to become compoundingly more effective.
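The JSON interoperability point above is easiest to see in code. The example below is added here and is not from the newsletter or the article it links; it uses Python's standard `json` module to emulate three parser behaviours that differ across real libraries (last duplicate key wins, first duplicate key wins, and all numbers coerced to IEEE-754 doubles as JavaScript's `JSON.parse` does), then diffs what each parser "sees" in the same constructed document. The sample document, the function names and the `DuplicateKeyError` type are assumptions made for illustration.

```python
import json

# Constructed sample: a duplicated "amount" key and an integer id above 2**53.
# Two services that disagree on either of these can be desynchronised by one request.
SAMPLE = '{"user": "alice", "amount": 10, "amount": 9999, "id": 9007199254740993}'


class DuplicateKeyError(ValueError):
    """Raised by the strict parser when an object repeats a key."""


def _reject_duplicates(pairs):
    # object_pairs_hook receives the raw (key, value) list before dict construction,
    # which is the only point at which duplicates are still visible to us.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise DuplicateKeyError(f"duplicate key: {key!r}")
        obj[key] = value
    return obj


def last_wins_parse(text):
    # Default behaviour of Python's json (and many others): the last duplicate wins,
    # integers are arbitrary precision.
    return json.loads(text)


def first_wins_parse(text):
    # Emulates libraries that keep the first occurrence of a key. Reversing the
    # pairs before building the dict makes the first original pair overwrite last.
    return json.loads(text, object_pairs_hook=lambda pairs: dict(reversed(pairs)))


def double_parse(text):
    # Emulates parsers that store every number as a 64-bit float (e.g. JavaScript).
    # 9007199254740993 (2**53 + 1) is not representable and silently rounds down.
    return json.loads(text, parse_int=float)


def strict_parse(text):
    # Hardened variant: refuse ambiguous input instead of picking a winner.
    return json.loads(text, object_pairs_hook=_reject_duplicates)


def rejects_duplicates(text):
    """True if the strict parser refuses the document because of a repeated key."""
    try:
        strict_parse(text)
    except DuplicateKeyError:
        return True
    return False


def divergent_keys(text, parse_a, parse_b):
    """Top-level keys whose values differ between two parser behaviours.

    Any non-empty result is a sign that two components fed this document may
    act on different data, which is the root of the desync bugs described above.
    """
    a, b = parse_a(text), parse_b(text)
    return {k for k in set(a) | set(b) if a.get(k) != b.get(k)}


if __name__ == "__main__":
    print("last-wins  amount:", last_wins_parse(SAMPLE)["amount"])
    print("first-wins amount:", first_wins_parse(SAMPLE)["amount"])
    print("double     id    :", double_parse(SAMPLE)["id"])
    print("strict rejects   :", rejects_duplicates(SAMPLE))
    print("diverging keys (last vs first):", divergent_keys(SAMPLE, last_wins_parse, first_wins_parse))
    print("diverging keys (int vs double):", divergent_keys(SAMPLE, last_wins_parse, double_parse))
```

Running it shows the same bytes yielding `amount == 9999` for one parser and `amount == 10` for another, and an `id` that changes value once it passes through a double-only parser. The practical takeaway is the `strict_parse` shape: when a document crosses a trust boundary, reject duplicate keys and out-of-range numbers at the edge rather than letting each downstream library resolve the ambiguity its own way.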