Wowza! 🤩 Thanks William Woodruff (1.3.6.1.4.1.55738) and Trail of Bits for this new set of features: blog.trailofbits.com/2024/01/25/we-…

Reminder: you can hire Trail of Bits to write code for you x.com/trailofbits/st…

Next on the #MLSecOps pod - William Woodruff (1.3.6.1.4.1.55738)), Engineering Director at Trail of Bits, joins Dan McInerney & adzz.eth for "ReDoS Vulnerability Reports: Security Relevance vs. Noisy Nuisance," to examine ReDoS report usefulness (if any?) & other reports like the one in this preview.

i'm excited to be speaking at PyCon US this year, about the work my team Trail of Bits has done to implement X.509 validation in PyCA Cryptography! talk blurb: us.pycon.org/2024/schedule/… a previous explainer on the work and why it matters: blog.trailofbits.com/2024/01/25/we-…

new post: More thoughts on vulnerabilities and misaligned incentives blog.yossarian.net/2024/03/20/Mor…

Logyi várja a Mikulást kernelcon After our announcements and some discussion on the nature of blue-teaming (given lojikil's latest gig), we're diving into discussion of CVEs via William Woodruff (1.3.6.1.4.1.55738)'s comments here: blog.yossarian.net/2024/03/20/Mor…

In Toronto for @realworldcrypto and OSCW? William Woodruff (1.3.6.1.4.1.55738) is presenting our work on X.509 validation for Python, including a reusable testsuite that’s already helped improve other X.509 implementations! opensourcecryptowork.shop/2024/ Read more about our work here: blog.trailofbits.com/2024/01/25/we-…

Open Source Cryptography Workshop 2024 videos and slides are posted: opensourcecryptowork.shop/2024/ Talks by Franziskus Kiefer , Deirdre Connolly¹ , Sophie, indistinguishable from random noise, Nina Bindel, Armando Faz 🌵, Iraklis Leontiadis, Thibault, William Woodruff (1.3.6.1.4.1.55738), et al.

On the passing of our dear friend and alumni, Sophia "quend" d'Antoine (Sophia d’Antoine)

PyPI now has three new Trusted Publishing, thanks (in part) to our work at Trail of Bits! This realizes our goal of expanding Trusted Publishing to compute environments outside of GitHub Actions: blog.pypi.org/posts/2024-04-…

\We’ve open-sourced our pure Rust and Go implementations of the post-quantum Leighton-Micali Hash-Based Signatures (LMS)! Explore secure digital signatures designed to withstand quantum attacks. blog.trailofbits.com/2024/04/26/ann…

Today, I’d like to announce Homebrew 4.3.0. The most significant changes since 4.2.0 are SBOM support, initial bottle attestation verification, new command analytics and uninstall autoremove by default. Read more at brew.sh/2024/05/14/hom… and discuss on Hacker News at

For the last 6 months, my team at Trail of Bits has been working with A-O and OpenSSF to bring build provenance to Homebrew. Today, I'm pleased to announce that our work is in public beta! Read about our design and how you can verify bottles today: blog.trailofbits.com/2024/05/14/a-p…

new post: Python wheel filenames have no canonical form blog.yossarian.net/2024/06/12/Pyt…

Homebrew, the missing package manager for macOS, produces the binaries that millions of users download daily. 👉 Read about our audit of Homebrew’s CI/CD pipeline and brew. buff.ly/3Wq7wGP

new post: approximating sum types in python with pydantic blog.yossarian.net/2024/08/12/App…