Blog | Crash Override

Why we should be thanking the OpenSSL developers rather than chastising them in light of CVE-2022-3786 and CVE-2022-3602.

It’s a bit pathetic that, for an industry that generally calls itself “Application Security”, we don’t seem to know how to define what an application is.

The Github Analyzer is a free open source tool that examines the security configuration settings of a GitHub organization.

I explain why dependency pinning only works if you review the code when you upgrade

This post shares the story about our company name and how we created the Crash Override brand.

In this post I share lessons from my degree in info lessons earned in the real world after I left, told with some colourful real anecdotes

This post focuses on using SBOMs and vulnerability data and explains why most vulnerability data is not up to the job.

John Viega shares his position on the industry implications for the conviction of Joe Sullivan, the former CISO of Uber in a case about breach reporting.

This blog explains why code signing doesn't help address open source dependencies that contain malware.

This article explains why the current use cases for SBOMs are not complete and why the Securing Open Source Software Act of 2022 is flawed.

We asked over 50 leading CSOs and appsec leaders what their biggest unsolved problems were and then sat back and listened. This is what we heard.