Open Source
Blog
Docs
Resources
Our Story
Press Kit
Downloads
Contact Us
On Social Media Witch Hunts and Learning Important Lessons
By Mark
10th of September, 2024
C isn’t a Hangover; Rust isn’t a Hangover Cure
By John Viega
23rd of April, 2024
Is Shadow Development Really A Problem?
By Mark
10th of April, 2024
Are there too many bubbles of similar security efforts?
By Mark
26th of March, 2024
Welcome ZAP to the Open Source Fellowship
By Mark
14th of March, 2024
The Crash Override Open Source Fellowship
By Mark
13th of March, 2024
SBOMs for Production Incident Response Maybe a Killer Trojan Use Case for Security
By Mark
14th of November, 2023
Best-of-Breed and Industry Standard is Misleading
By Mark
14th of November, 2023
The Power of Small, Fast, Grit and Cross-Functional Relationships
By Mark
13th of November, 2023
Build System or Bust and Wrapping Security Tools Using Docker
By Mark
13th of November, 2023
Security Quackery
By Mark
26th of October, 2023
How can you have any pudding if you don't eat yer meat?
By Mark
16th of October, 2023
Why open core, GPL and dual licensing is a model that works
By Mark
10th of October, 2023
The curse of AI in the security industry
By Mark
5th of October, 2023
Five Questionable Things About Top Ten Security Lists
By Mark Curphey
3rd of October, 2023
Chalk is now officially open-source
By Mark Curphey
26th of September, 2023
Chalk™ 0.0.1 (alpha) has been released
By John Viega
26th of July, 2023
Early Access to Crash Override
By Mark Curphey
26th of July, 2023
Building Security Tools is the Wrong Approach
By Mark Curphey
13th of June, 2023
We Need Modern Product Security Certification And We Need It Now
By Mark Curphey
6th of June, 2023
Why you should not give a f*ck about security awards
By Mark Curphey
10th of May, 2023
The Hackers Mural - Amsterdam April 2023
By Mark Curphey
21st of April, 2023
Creating Art Not Junk - The Hack in the Box Treasure Hunt
By Mark Curphey
17th of April, 2023
How AI might affect DevSecOps
By Mark Curphey
5th of April, 2023
Is developer led, the best strategy for the adoption of security tools?
By Mark Curphey
29th of March, 2023
Security Tools Can't Just Be Friction Free. Was SCA the Tipping Point?
By Mark Curphey
20th of March, 2023
Less AppSec Assessment and Protection, More DevSecOps Observability
By Mark Curphey
6th of March, 2023
Developers Only Pay Lip Service to Security. Get Over It.
By Mark Curphey
2nd of March, 2023
Could sports advertising be a valid model for for open-source security?
By Mark Curphey
1st of March, 2023
Why are the same old appsec issues still a thing in 2023?
By Mark Curphey
8th of February, 2023
We don’t need more bloody appsec tools
By Mark Curphey
1st of February, 2023
DevSecOps is better than appsec
By Mark Curphey
31st of January, 2023
Why security companies and communities come and go
By Mark Curphey
26th of January, 2023
On the left, on the right and wiggle in the middle
By Mark Curphey
18th of January, 2023
Why supply chain security is so much more than open source code and CVE’s
By Mark Curphey
10th of January, 2023
In the future, can you have your appsec cake and eat it as well ?
By Mark Curphey
4th of January, 2023
CVE / NVD doesn’t work for open source and supply chain security
By Mark Curphey
21st of December, 2022
CVE / NVD doesn’t work for open source and supply chain security
By Mark Curphey
30th of November, 2022
A Security Tools Crash Is Coming
By Mark Curphey
21st of November, 2022
A Personal History of the AppSec Industry
By Mark Curphey
16th of November, 2022
Don’t Blame the Players, Blame the Game
By Mark Curphey
1st of November, 2022
What The Bloody Hell Is An Application ?
By Mark Curphey
31st of October, 2022
Introducing the Github Analyzer
By Mark Curphey
25th of October, 2022
Dependency Pinning Only Works If You Actually Review the Updates
By Mark Curphey
19th of October, 2022
Designing the Crash Override brand and the Hackers movie
By Mark Curphey
14th of October, 2022
What I Learned About Information Security From Academia
By Mark Curphey
11th of October, 2022
Why SCA for Security is Really Hard
By Mark Curphey
10th of October, 2022
Ransoming the CISO Role. Words of caution after the Joe Sullivan legal case.
By John Viega
6th of October, 2022
The AppSec letter bomb problem
By Mark Curphey
4th of October, 2022
The SBOM frenzy is premature
By Mark Curphey
3rd of October, 2022
The CSO Interviews - the biggest unsolved problems in security today
By Mark Curphey
28th of September, 2022