Black Hat

Are you going to Vegas? If so we would love to meet
Crash Override
Home /

Blog | Crash Override

Ocular is a flexible, open-source platform for scalable security scanning beyond your CI/CD system.

Out-of-Band, In Control: Why We Built Ocular

Ocular is a flexible, open-source platform for scalable security scanning beyond your CI/CD system.
By Bryce Thuilot
Jul 17, 2025

Featured

Builds Don’t Lie. Unless You’re Not Watching Them.

By John Viega
Jul 15, 2025

Seeing What Matters Starts with Shadow Engineering Detection

By Mark Curphey
Jun 17, 2025

Hooray! Security Teams May Still Be Accountable for Secure Software, but Developers Are Now Taking Responsibility for It and Here Is Why

By Mark Curphey
Jun 3, 2025

How to Uncover Potential Shadow Engineering Situations

By Sean Clarke
Apr 30, 2025

The Curious Case of Shadow Engineering

By Mark Curphey
Apr 28, 2025
RSA 2025 was a goat rodeo

RSA 2025: Lost in the Petting Zoo, Searching for Signal

Another RSA Conference has come and gone. Security marketing is having an identity crisis. It is time for a reset.
By Rich Smith
May 7, 2025

How-to add code owners files to all of your production repos

How to easily make sure you have code owners files in all of your production repos using the Crash Override platform
By Sean Clarke
Apr 16, 2025

The Security Industry Needs More "Easy Buttons"

The security industry must prioritize creating streamlined, user-friendly solutions—'easy buttons'—to reduce the complexity and costs for development organizations.
By John Viega
Jan 14, 2025

Security Marketing Exposed - Part One

Why understanding marketing is a super power for running operational security programs
By Mark Curphey
Jan 8, 2025

Security

When "You Could Be Hacked" Is the Best We've Got

Most GenAI security lists miss the mark. Here’s what developers actually need to build secure software with real tools and context.
By Mark Curphey
Jul 24, 2025

Opengrep - The Security Industry Deserves Better

Opengrep, a fork of Semgrep, raises concerns in open-source security. This blog investigates the motivations behind Opengrep, defends Semgrep’s open-core model, and calls for industry accountability.
By Mark Curphey
Jan 29, 2025

Are there too many bubbles of similar security efforts?

Why we shouldn't work together for the greater good of the security industry
By Mark Curphey
Mar 26, 2024

SBOMs for Production Incident Response Maybe a Killer Trojan Use Case for Security

SBOMs are more valuable for platform engineers than they are to security engineers today, and why this will help security in the long run.
By Mark Curphey
Nov 14, 2023
More Security articles

Whack-a-mole is dead

Welcome to the post alerts and issues era, and why security insecticides are a better approach.
By Mark Curphey
Nov 6, 2024
Social Media Witch Hunt

On Social Media Witch Hunts and Learning Important Lessons

As Jen Easterly from CISA said, ‘this (CRWD saga) is a dress rehearsal for what China could do in the future’ and if we don’t learn the actual lessons here we are doomed to repeat history.
By Mark Curphey
Sep 10, 2024

C isn’t a Hangover; Rust isn’t a Hangover Cure

It seems there are too many people in the security industry that are too fast to condemn C/C++
By John Viega
Apr 23, 2024

Is Shadow Development Really A Problem?

A look at how the BYOD problem was solved and how we can use that approach to solve the shadow development problem
By Mark Curphey
Apr 10, 2024
Zap logo

Welcome ZAP to the Open Source Fellowship

The Crash Override Open Source Fellowship is a program to help sustain and grow important open source security projects.
By Mark Curphey
Mar 14, 2024

The Crash Override Open Source Fellowship

The Crash Override Open Source Fellowship is a program to help sustain and grow important open source security projects.
By Mark Curphey
Mar 13, 2024

Best-of-Breed and Industry Standard is Misleading

Best of Breed and Industry Standard is Misleading
By Mark Curphey
Nov 14, 2023

The Power of Small, Fast, Grit and Cross-Functional Relationships

The traits of high performing security teams
By Mark Curphey
Nov 13, 2023

Company News

Chalk has a new home

We have have refreshed the documentation for the Chalk project, and moved it to its new home. Chalk for serverless functions is coming soon!
By Mark Curphey
Apr 13, 2025

The Business Value of Engineering Relationship Management

This articles explains the business value of ERM. For everyone in DevOps, it's a better experience, a more efficient & a cheaper way to work.
By Mark Curphey
Apr 9, 2025

Introducing Engineering Relationship Management

ERM is a single source of truth and a complete change ledger for DevOps, connecting all your code, cloud infrastructure, tools, builds & deployments.
By Mark Curphey
Apr 8, 2025

Chalk is now officially open-source

Chalk is officially now open-source
By Mark Curphey
Sep 26, 2023
More Company News articles
Crash Override
Subscribe to our newsletter

Practical insights, sharp takes, and tactical guidance for engineering and security leaders.

© 2025, Crash Override Inc.Cookie PolicyPrivacy PolicyData Subject Access Request