Chalk is now officially open source
By Mark Curphey
27th of September, 2023
Announcing the Alpha Release of the Crash Override Chalk™ Open Source Project
By John Viega
26th of July, 2023
Early Access to Crash Override
By Mark Curphey
26th of July, 2023
Building Security Tools is the Wrong Approach
By Mark Curphey
13th of June, 2023
We Need Modern Product Security Certification And We Need It Now
By Mark Curphey
6th of June, 2023
Why you should not give a f*ck about security awards
By Mark Curphey
10th of May, 2023
The Hackers Mural - Amsterdam April 2023
By Mark Curphey
21st of April, 2023
Creating Art Not Junk - The Hack in the Box Treasure Hunt
By Mark Curphey
17th of April, 2023
How AI might affect DevSecOps
By Mark Curphey
5th of April, 2023
Is developer led, the best strategy for the adoption of security tools?
By Mark Curphey
29th of March, 2023
Security Tools Can't Just Be Friction Free. Was SCA the Tipping Point?
By Mark Curphey
20th of March, 2023
Less AppSec Assessment and Protection, More DevSecOps Observability
By Mark Curphey
6th of March, 2023
Developers Only Pay Lip Service to Security. Get Over It.
By Mark Curphey
2nd of March, 2023
Could sports advertising be a valid model for open-source security?
By Mark Curphey
1st of March, 2023
Why are the same old appsec issues still a thing in 2023?
By Mark Curphey
8th of February, 2023
We don’t need more bloody appsec tools
By Mark Curphey
1st of February, 2023
DevSecOps is better than appsec
By Mark Curphey
31st of January, 2023
Why security companies and communities come and go
By Mark Curphey
26th of January, 2023
On the left, on the right and wiggle in the middle
By Mark Curphey
18th of January, 2023
Why supply chain security is so much more than open source code and CVE’s
By Mark Curphey
10th of January, 2023
Right Up Our Alley
By Mark Curphey
5th of January, 2023
In the future, can you have your appsec cake and eat it as well?
By Mark Curphey
4th of January, 2023
CVE / NVD doesn’t work for open source and supply chain security
By Mark Curphey
30th of November, 2022
A Security Tools Crash Is Coming
By Mark Curphey
21st of November, 2022
A Personal History of the AppSec Industry
By Mark Curphey
16th of November, 2022
Don’t Blame the Players, Blame the Game
By Mark Curphey
1st of November, 2022
What The Bloody Hell Is An Application?
By Mark Curphey
31st of October, 2022
Introducing GitHub Analyzer
By Mark Curphey
25th of October, 2022
Dependency Pinning Only Works If You Actually Review the Updates
By Mark Curphey
19th of October, 2022
Designing the Crash Override brand and the Hackers movie
By Mark Curphey
14th of October, 2022
What I Learned About Information Security From Academia
By Mark Curphey
11th of October, 2022
Why SCA for Security is Really Hard
By Mark Curphey
10th of October, 2022
Ransoming the CISO Role. Words of caution after the Joe Sullivan legal case.
By John Viega
6th of October, 2022
The AppSec letter bomb problem
By Mark Curphey
4th of October, 2022
The SBOM frenzy is premature
By Mark Curphey
3rd of October, 2022
The CSO Interviews - the biggest unsolved problems in security today
By Mark Curphey
28th of September, 2022