Crash Override
Why GenAI Security Guidance Fails Modern Developers

When "You Could Be Hacked" Is the Best We've Got

Most GenAI security lists miss the mark. Here’s what developers actually need to build secure software with real tools and context.
By Mark Curphey
Jul 24, 2025

Out-of-Band, In Control: Why We Built Ocular

Ocular is a flexible, open-source platform for scalable security scanning beyond your CI/CD system.
By Bryce Thuilot
Jul 17, 2025

Seeing What Matters Starts with Shadow Engineering Detection

Shadow engineering is the new shadow IT. Learn how Crash Override helps you uncover it early, align Dev and Sec, and build faster with less risk and more control.
By Mark Curphey
Jun 17, 2025

Hooray! Security Teams May Still Be Accountable for Secure Software, but Developers Are Now Taking Responsibility for It and Here Is Why

Developers are finally taking real responsibility for secure code while security teams shift into trusted advisor roles. Here's why it matters.
By Mark Curphey
Jun 3, 2025

How to Uncover Potential Shadow Engineering Situations

The product walkthrough helps surface shadow engineering issues across your cloud infrastructure and explains what they mean for your team.
By Sean Clarke
Apr 30, 2025

The Curious Case of Shadow Engineering

By Mark Curphey
Apr 28, 2025

Code Ownership and Code Owners Files

This article explains why code ownership matters, what is needed in a code ownership system, and where code owners files fall short.
By Mark Curphey
Apr 15, 2025

Opengrep - The Security Industry Deserves Better

Opengrep, a fork of Semgrep, raises concerns in open-source security. This blog investigates the motivations behind Opengrep, defends Semgrep’s open-core model, and calls for industry accountability.
By Mark Curphey
Jan 29, 2025

Are there too many bubbles of similar security efforts?

Why we shouldn't work together for the greater good of the security industry
By Mark Curphey
Mar 26, 2024

SBOMs for Production Incident Response Maybe a Killer Trojan Use Case for Security

SBOMs are more valuable for platform engineers than they are to security engineers today, and why this will help security in the long run.
By Mark Curphey
Nov 14, 2023

Build System or Bust and Wrapping Security Tools Using Docker

By Mark Curphey
Nov 13, 2023

Security Quackery

The Dangerous Rise of the Security Influencers Who Shouldn't Be, and the Oxygen Sucking Echo Chamber It Creates
By Mark Curphey
Oct 26, 2023