🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

The State of the Art in Program Analysis is: zoom issues.

Lubys and Fuddruckers gone. What will Texas eat?

Well, that happened

⭐ Semgrep just passed 2,000 GitHub stars, yay! 📣 Today we’re thrilled to introduce Semgrep Community and announce our Series A funding from @redpointvc and Sequoia Capital. 🙏 Thanks to all who’ve supported us along the way. We’re grateful and humbled. More: r2c.dev/blog/2020/intr…

great people here, great product.

I'm super excited to be presenting at Empire Hacking on Dec 8 🙌 Trail of Bits does really solid technical work and their meet-ups are similarly high quality. Cool to be a part of it :D

Today Clint Gibler and I are publishing tl;dr sec's Risk8s Business: Risk Analysis of Kubernetes Clusters. There's tools and guidance for helping orgs go from "The devs did what?!" to "Here's how we mitigate the risk to our clusters" tldrsec.com/guides/kuberne…

Thx to everyone who came to my winded-rant at Absolute AppSec! slides are: github.com/lojikil/sister… Also, shout outs to: Brian Glas 🧙‍♀️redshiftzero 🧙‍♀️ Inactive; Bluesky is @hillelwayne(dot)com bmastenbrook for ideas that went into the rant! (this is no comment on them, they bear no responsibility for this 🤣)

A look inside how the SnowflakeDB security teams have evolved their role and responsibilities as the company scaled, by Jacob Salassi. I think there are some great take-aways for any size security team. r2c.dev/blog/2021/apps…

My appsec spirit animal Clint Gibler and I rubbed our brain cells together and wrote down some thoughts on scaling appsec at ❄️ Snowflake. Maybe you will find it useful, maybe you have better ideas. Either way, would love to hear from you.

I'm getting my talk for BsidesROC ready. It's a modern version of what I did at ShmooCon 1 year ago. Now with: - Open Policy Agent - falcosecurity - maybe some other ideas if there's time Why can't I just give the same talk twice? It would be so much easier...

TFW you xfer all the music you own to YouTube music and realize background play is premium only.

We accepted the risks

Threat Detection Maturity Framework from Haider Dost who runs the ❄️ threat detection team. link.medium.com/820ykpzNxjb

If you think the simplest way to do tree based queries in sql is to not, you're right.

Compliance is needing to be told to care about security. Great security teams don't need to be told. Security eats compliance. Change my mind.

co-pilot is tornado cash for open source code?

Seneca Scott Shameful career, so… 🤷‍♂️