Building security tools is the wrong approach

We Need Modern Product Certification and We need It Now

The bull shitake from some security companies is out of control and security awards are a farcical tool they are using to look credible. It needs to stop.

The data from corporate messaging tools may indicate that developer led adoption isn't the best strategy for the widespread adoption of security tools

Why aren't there more developer tools with security features ?

We should accept that developers only pay lip service to security

How can we help open-source security projects generate sustainable funding without having to become commercial open-source companies? I have an idea.

This articles shares observations and anecdotes from my life about what makes companies and communities come and what makes them go.

This article describes why supply chain security is about all of the upstream and downstream dependencies that modern applications rely on and not just open source libraries.

Part two of my article about what is wrong with CVE/NVD and some ideas about how we could improve it.

Crash Override

An explosion of security startups and the economic climate are colliding and going to result in a train wreck. This post dives deeper in this that a recent short post in LinkedIn.