Weld Pond | Chris Wysopal (@WeldPond)'s Twitter Profile
Weld Pond | Chris Wysopal

@WeldPond

Hacker. Co-founder/CTO Veracode. Former L0pht security researcher. GenAI Auto-repair of vulns is the future @[email protected]

ID:14090906

Link: https://en.wikipedia.org/wiki/Chris_Wysopal   Joined: 06-03-2008 19:46:55

29,5K Tweets

56,7K Followers

1,0K Following

SummerCon (@SummerC0n):

The Summercon community is heartbroken over the loss of Sophia d'Antoine. An inspiring speaker and cherished friend, Sophia d’Antoine's contributions to Summercon and the infosec community were immeasurable. We offer our heartfelt condolences to her family and all who loved her.

Weld Pond | Chris Wysopal (@WeldPond):

Removing access to SaaS apps without SSO remains a perennial challenge for businesses.
'Cano had access to the accounts in his capacity as Orlando’s asst & continued to have access despite no longer being Orlando’s asst or working at Benessere' wired.com/story/truth-so…

Weld Pond | Chris Wysopal (@WeldPond):

Excerpt from Walter Scheirer's 'A History of Fake Things on the Internet' where he talks about the early days of internet and pre-internet information distributed by early net and pre-net denizens like @L0phtHeavyInd lithub.com/unlocking-digi…
Weld Pond | Chris Wysopal (@WeldPond):

Recon has been on my 'must go' list for a long time and in 2024 I will finally get to participate for the first time in this great conference. Come to Montreal in June!

I will be on Cristina Cifuentes decompilation panel.

Weld Pond | Chris Wysopal (@WeldPond):

Auth logic is often complex & requires manual code review

'An error in the account handler lets an attacker skip the PIN verification entirely and create a privileged user profile'

What will happen in 10 yrs? Will IoT still get security updates? #abandonware…
Weld Pond | Chris Wysopal (@WeldPond):

This is the vulnerability that started the discussion of open source risk to commercial software. It eventually led to SBOMs and more vendor transparency.

Marc Rogers (@marcwrogers):

There's a lot of talk about what the OSS community needs to do to prevent future interference. Suggestions like restricting code updates to devs with “good reputations”, even going so far as stating once a project is “critical” in some way it should be taken over or restricted.

Heather Adkins - Ꜻ - Spes consilium non est (@argvee):

I’m looking forward to Device Bound Session Cookies which would have a meaningful impact on the online security of billions of people. blog.chromium.org/2024/04/fighti…

Weld Pond | Chris Wysopal (@WeldPond):

The CSRB recommendations for Microsoft includes words from Bill Gates' Trustworthy Computing memo of 2002 which kicked off Microsoft starting to care about security 22 years ago.

Easy to say. Hard to do, but do we must!
cisa.gov/sites/default/…
Weld Pond | Chris Wysopal (@WeldPond):

Root cause mapping is super important. At Veracode we do this for each CVE in an OSS package our customers are dependent on so that we can understand the CWE and location of each known issue to see how it impacts our customers applications. The benefit of this is sometimes you…

Weld Pond | Chris Wysopal (@WeldPond):

Ellison thinks it is time to hand cybersecurity over to the computers.

'a new generation of highly secure and reliable autonomous digital infrastructure'

'Humans, with their propensity for error and mischief, shouldn’t be trusted to configure critical parts of the system'…

Weld Pond | Chris Wysopal (@WeldPond):

We are just getting started taking advantage of the vulnerabilities created by GenAI code. Attackers can create the dependencies that AIs hallucinate. theregister.com/2024/03/28/ai_…
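One practical check against the attack described in that post, as an added example that is neither Wysopal's nor The Register's code: before installing a manifest produced by a code assistant, confirm that every dependency name actually resolves in the package index, and flag names that are missing (a name an attacker could still register) or that are near-misses of a real package. The package index and the sample manifest below are constructed stand-ins; a real check would query the registry (for example PyPI) instead of a hard-coded set, and the helper names `audit`, `closest_known` and `parse_requirements` are mine.

```python
"""Audit a dependency manifest for names that do not exist in the package index.

A hallucinated dependency is only exploitable while nobody has claimed the name,
so the check is: does each name resolve to a known package, and if not, is it
a near-miss of a real one? KNOWN_PACKAGES is a constructed stand-in for a live
registry lookup, not real registry data.
"""
from difflib import SequenceMatcher

# Constructed stand-in for the package index; in practice this is a registry query.
KNOWN_PACKAGES = frozenset({
    "requests", "urllib3", "cryptography", "pyjwt", "boto3", "flask", "numpy",
})

# Constructed sample: a requirements.txt as an assistant might emit it.
SAMPLE_MANIFEST = """\
requests>=2.31
pyjwt==2.8.0
flask-jwt-helper   # plausible-sounding name that is not in the index
requets
"""


def normalize(name):
    """PEP 503 style normalisation so 'Py_JWT' and 'py-jwt' compare equal."""
    return name.strip().lower().replace("_", "-").replace(".", "-")


def parse_requirements(text):
    """Return bare, normalised package names from requirements.txt-style text,
    dropping comments, blank lines, extras, version specifiers and markers."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # Cut at the first token that can follow a project name.
        for sep in ("===", "==", ">=", "<=", "~=", "!=", ">", "<", "[", ";", "@", " "):
            line = line.split(sep, 1)[0]
        names.append(normalize(line))
    return names


def closest_known(name, index, threshold=0.8):
    """Return the index entry most similar to `name` if the similarity ratio
    reaches `threshold`, else None. Catches near-miss (typo-style) names."""
    best, best_ratio = None, 0.0
    for known in index:
        ratio = SequenceMatcher(None, name, known).ratio()
        if ratio > best_ratio:
            best, best_ratio = known, ratio
    return best if best_ratio >= threshold else None


def audit(manifest_text, index=KNOWN_PACKAGES):
    """Classify each dependency in the manifest:
      'ok'            - exists in the index
      'lookalike:<x>' - not in the index but close to real package <x>
      'unknown'       - not in the index at all; a name an attacker could register
    """
    report = {}
    for name in parse_requirements(manifest_text):
        if name in index:
            report[name] = "ok"
        else:
            near = closest_known(name, index)
            report[name] = f"lookalike:{near}" if near else "unknown"
    return report


if __name__ == "__main__":
    for dep, verdict in audit(SAMPLE_MANIFEST).items():
        print(f"{dep:20} {verdict}")
```

Anything reported as `unknown` should be treated as a blocker, not a warning: if the name is free, the fix is to remove it from the manifest, not to install whatever appears under that name later. Running the check in CI before `pip install` is the cheapest place to put it.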

Veracode (@Veracode):

Veracode has acquired Longbow Security, a pioneer in security risk management for #cloud-native applications! This marks the next phase for Veracode in our mission to help organizations manage and reduce application risk across the growing attack surface. Welcome aboard, Longbow
Weld Pond | Chris Wysopal (@WeldPond):

Now that we know software is not built secure by default and requires a dedicated process to reduce risk to an acceptable level, is it negligent to purchase and deploy software without understanding what software creation process was performed?
