Crash Override

Introducing the Github Analyzer

The Github Analyzer is a free open source tool that examines the security configuration settings of a GitHub organization.
By Mark Curphey
Oct 25, 2022

Dependency Pinning Only Works If You Actually Review the Updates

I explain why dependency pinning only works if you review the code when you upgrade
By Mark Curphey
Oct 19, 2022

Designing the Crash Override brand and the Hackers movie

This post shares the story about our company name and how we created the Crash Override brand.
By Mark Curphey
Oct 14, 2022

What I Learned About Information Security From Academia

In this post I share lessons from my degree in information security and lessons earned in the real world after I left, told with some colourful real anecdotes.
By Mark Curphey
Oct 11, 2022

Why SCA for Security is Really Hard

This post focuses on using SBOMs and vulnerability data and explains why most vulnerability data is not up to the job.
By Mark Curphey
Oct 10, 2022

Ransoming the CISO Role. Words of caution after the Joe Sullivan legal case.

John Viega shares his position on the industry implications of the conviction of Joe Sullivan, the former CISO of Uber, in a case about breach reporting.
By John Viega
Oct 6, 2022

The AppSec letter bomb problem

This blog explains why code signing doesn't help address open source dependencies that contain malware.
By Mark Curphey
Oct 4, 2022

The SBOM frenzy is premature

This article explains why the current use cases for SBOMs are not complete and why the Securing Open Source Software Act of 2022 is flawed.
By Mark Curphey
Oct 3, 2022

The CSO Interviews - the biggest unsolved problems in security today

We asked over 50 leading CSOs and appsec leaders what their biggest unsolved problems were and then sat back and listened. This is what we heard.
By Mark Curphey
Sep 28, 2022