Posts by Year


Stratechery: Aggregation Theory

1 minute read

Ben Thompson describes how properties of the Internet enable companies providing the best user experience to win, which leads to a virtuous but anti-competit...

Container Security

1 minute read

A collection of container security resources and tools, organized by category.

On Accepting Sponsors

7 minute read

tl;dr sec’s goals, values, and our thought process behind accepting sponsors. Sponsors will be clearly demarcated and will not affect the rest of the content.

Learnings from Duo

11 minute read

Jon Oberheide on Duo’s story, from conception through acquisition, and the important lessons he learned along the way.



The Art of Vulnerability Management

10 minute read

Alexandra Nassar of Medallia describes how to create a positive vulnerability management culture and process that works for engineers and the security team.

DevSecCon Tel Aviv 2019 Roundup

5 minute read

Practical steps to start managing your secrets properly, continuous threat modeling, container security stats and best practices, and my thoughts on the futu...

[tl;dr sec] #6 - Post Hacker Summer Camp

3 minute read

Neat talks from Hacker Summer Camp on email -> phone number, DNS rebinding, automated C++ reverse engineering, and publicly exposed AWS EBS volumes.

Data Driven Bug Bounty

11 minute read

Arkadiy Tetelman describes how to effectively launch a bug bounty program and how tracking vulnerability metrics can make an AppSec team more impactful.

SCORE Bot: Shift Left, at Scale!

10 minute read

Vidhu Jayabalan and Laksh Raghavan present SCORE-Bot, PayPal’s light-weight, continuous code scanning tool that hooks into their CI/CD pipeline.

BSidesSF 2019: DevSecOps State of the Union

less than 1 minute read

There’s been a lot of great research in SecDevOps over the past few years. This talk organizes and references around 40 useful talks in the space.
