Some people will remember Steve Jobs as the visionary designer of the iPhone. I will always remember him as this f**king guy

Rest In Peace, SecDef Ash Carter.😢

Your inspiring belief in the power of diversity created opportunity for women, all genders, and a few hackers, too. Your impact will be missed but not forgotten.

npr.org/2022/10/25/113…

#hackthepentagon

Bill Gates' Trustworthy Computing Memo publication is closer to the first release of MS DOS than it is to today. ⏳

😢 Why do security products fail?

By @Datadog CISO Emilio Escobar

- They introduce toil
- Poor UX
- For security, by security
- Lack of measurable effectiveness

Consider:
- Time to decision
- Think of all customer personas
- Use what’s already there

my.rage.cloud/why-do-securit…

Most companies are not Uber this morning as a matter of luck, not skill.

This could easily have been ~90% of organizations.

Don’t point and laugh. It could be you next time, and it might be already.

Louder, for the folks in the back 📣

'Slowing down software delivery does not help security, it hurts it'

NHTSA updated its vehicle cybersecurity guidance. Citing the NIST Framework, NHTSA's guidance states (pg. 9) that it is important for the automotive industry to adopt vulnerability disclosure programs and incident response processes, among other things. nhtsa.gov/sites/nhtsa.go…

cyber security isn't important... and that's OK.

This isn't a bleak rant... more a sharing of something I've known for a while... and am now accepting.

If you want your assumptions of cyber security challenged, please read on! 🧵

1

GitLab disclosed a bug submitted by William Bowling @[email protected]: hackerone.com/reports/1609965 - Bounty: $33,510 #hackerone #bugbounty

This Sunday marks 30 years since the release of the greatest hacker movie of all time: Sneakers.

I've been saving stuff I've seen about Sneakers on Twitter for literally months; a quick thread about why this movie is so timeless and links to sources for more reading.

🚀 To keep ahead of cybercriminals, we work with the ethical hacker community through our Bug Bounty Program & events to assist with catching bugs & identifying issues before the bad guys do—an industry best practice. Read how HackerOne’s #h1702 went:zm.me/3evzQ85

Nobody in infosec is surprised that Twitter had unpatched servers, lax access controls, an immature SDLC, poor backups, and all of the other security debt that you'll find in most large enterprises. BUT...

A woman in Louisiana is being forced to carry a fetus without a skull to term. It will be dead on delivery.

Because abortion is banned, she’s being forced to carry a corpse for 6 more months.

Roe v Wade kept us from stories like these every day.

In the last year, numerous concerns have been raised over the work and behavior of Jonathan Scott. He has now been expelled from his PhD program. Here’s a statement from Tarah M. Wheeler and myself.

So… I just finished my 1st HackerOne Live Hacking event & I’m heading into another with bugcrowd

As a program owner, hacker, & security leader… I have thoughts!

Read along for some spicy bounty takes.

🚨 Like, follow, & retweet for more security content 🚨

a 🧵

1/x

The 2022 #H1Elite announcement is here! Every year at HackerOne, we celebrate the hacker community’s hard work by selecting 5 hackers and awarding them with the HackerOne Elite title and a special comic. Check them out below!👇🧵

Ever had a source code review audit as part of, or in tandem with, a web app pentest? I’d love meet up and ask a couple of questions (~15min).

Open, community collaboration is in our DNA. We believe Open Security is the best way to keep systems secure — allowing for further understanding of how to protect systems from cyberattacks for all who need it. Learn more here: go.es.io/3QkVDNp

I was finally able to disclose one of the examples from my last blog post labs.detectify.com/2022/07/06/acc…
Here's the PoC-movie from the report to Reddit:

I'm not sure people understand the reason having a functional, capable, independent, dedicated cybersecurity incident investigation body could be of great benefit.

To put it one way...

The neverending stream of cybersecurity breaches is, in a sense, caused by lies.