• 

  Opengrep - The Security Industry Deserves Better

  

  By Mark Curphey

  29th of January, 2025

• 

  The Security Industry Needs More "Easy Buttons"

  

  By John Viega

  14th of January, 2025

• 

  Security Marketing Exposed - Part One

  

  By Mark Curphey

  8th of January, 2025

• 

  Whack-a-mole is dead

  

  By Mark Curphey

  6th of November, 2024

• 

  On Social Media Witch Hunts and Learning Important Lessons

  

  By Mark

  10th of September, 2024

• 

  C isn’t a Hangover; Rust isn’t a Hangover Cure

  

  By John Viega

  23rd of April, 2024

• 

  Is Shadow Development Really A Problem?

  

  By Mark

  10th of April, 2024

• 

  Are there too many bubbles of similar security efforts?

  

  By Mark

  26th of March, 2024

• 

  Welcome ZAP to the Open Source Fellowship

  

  By Mark

  14th of March, 2024

• 

  The Crash Override Open Source Fellowship

  

  By Mark

  13th of March, 2024

• 

  SBOMs for Production Incident Response Maybe a Killer Trojan Use Case for Security

  

  By Mark

  14th of November, 2023

• 

  Best-of-Breed and Industry Standard is Misleading

  

  By Mark

  14th of November, 2023

• 

  The Power of Small, Fast, Grit and Cross-Functional Relationships

  

  By Mark

  13th of November, 2023

• 

  Build System or Bust and Wrapping Security Tools Using Docker

  

  By Mark

  13th of November, 2023

• 

  Security Quackery

  

  By Mark

  26th of October, 2023

• 

  How can you have any pudding if you don't eat yer meat?

  

  By Mark

  16th of October, 2023

• 

  Why open core, GPL and dual licensing is a model that works

  

  By Mark

  10th of October, 2023

• 

  The curse of AI in the security industry

  

  By Mark

  5th of October, 2023

• 

  Five Questionable Things About Top Ten Security Lists

  

  By Mark Curphey

  3rd of October, 2023

• 

  Chalk is now officially open-source

  

  By Mark Curphey

  26th of September, 2023

• 

  Chalk™ 0.0.1 (alpha) has been released

  

  By John Viega

  26th of July, 2023

• 

  Early Access to Crash Override

  

  By Mark Curphey

  26th of July, 2023

• 

  Building Security Tools is the Wrong Approach

  

  By Mark Curphey

  13th of June, 2023

• 

  We Need Modern Product Security Certification And We Need It Now

  

  By Mark Curphey

  6th of June, 2023

• 

  Why you should not give a f*ck about security awards

  

  By Mark Curphey

  10th of May, 2023

• 

  The Hackers Mural - Amsterdam April 2023

  

  By Mark Curphey

  21st of April, 2023

• 

  Creating Art Not Junk - The Hack in the Box Treasure Hunt

  

  By Mark Curphey

  17th of April, 2023

• 

  How AI might affect DevSecOps

  

  By Mark Curphey

  5th of April, 2023

• 

  Is developer led, the best strategy for the adoption of security tools?

  

  By Mark Curphey

  29th of March, 2023

• 

  Security Tools Can't Just Be Friction Free. Was SCA the Tipping Point?

  

  By Mark Curphey

  20th of March, 2023

• 

  Less AppSec Assessment and Protection, More DevSecOps Observability

  

  By Mark Curphey

  6th of March, 2023

• 

  Developers Only Pay Lip Service to Security. Get Over It.

  

  By Mark Curphey

  2nd of March, 2023

• 

  Could sports advertising be a valid model for for open-source security?

  

  By Mark Curphey

  1st of March, 2023

• 

  Why are the same old appsec issues still a thing in 2023?

  

  By Mark Curphey

  8th of February, 2023

• 

  We don’t need more bloody appsec tools

  

  By Mark Curphey

  1st of February, 2023

• 

  DevSecOps is better than appsec

  

  By Mark Curphey

  31st of January, 2023

• 

  Why security companies and communities come and go

  

  By Mark Curphey

  26th of January, 2023

• 

  On the left, on the right and wiggle in the middle

  

  By Mark Curphey

  18th of January, 2023

• 

  Why supply chain security is so much more than open source code and CVE’s

  

  By Mark Curphey

  10th of January, 2023

• 

  In the future, can you have your appsec cake and eat it as well ?

  

  By Mark Curphey

  4th of January, 2023

• 

  CVE / NVD doesn’t work for open source and supply chain security

  

  By Mark Curphey

  21st of December, 2022

• 

  CVE / NVD doesn’t work for open source and supply chain security

  

  By Mark Curphey

  30th of November, 2022

• 

  A Security Tools Crash Is Coming

  

  By Mark Curphey

  21st of November, 2022

• 

  A Personal History of the AppSec Industry

  

  By Mark Curphey

  16th of November, 2022

• 

  Don’t Blame the Players, Blame the Game

  

  By Mark Curphey

  1st of November, 2022

• 

  What The Bloody Hell Is An Application ?

  

  By Mark Curphey

  31st of October, 2022

• 

  Introducing the Github Analyzer

  

  By Mark Curphey

  25th of October, 2022

• 

  Dependency Pinning Only Works If You Actually Review the Updates

  

  By Mark Curphey

  19th of October, 2022

• 

  Designing the Crash Override brand and the Hackers movie

  

  By Mark Curphey

  14th of October, 2022

• 

  What I Learned About Information Security From Academia

  

  By Mark Curphey

  11th of October, 2022

• 

  Why SCA for Security is Really Hard

  

  By Mark Curphey

  10th of October, 2022

• 

  Ransoming the CISO Role. Words of caution after the Joe Sullivan legal case.

  

  By John Viega

  6th of October, 2022

• 

  The AppSec letter bomb problem

  

  By Mark Curphey

  4th of October, 2022

• 

  The SBOM frenzy is premature

  

  By Mark Curphey

  3rd of October, 2022

• 

  The CSO Interviews - the biggest unsolved problems in security today

  

  By Mark Curphey

  28th of September, 2022