Crash Override

The curse of AI in the security industry

What happens if everyone thinks AI is table stakes? It becomes a checkbox feature.
By Mark Curphey
Oct 5, 2023

Five Questionable Things About Top Ten Security Lists

Five Questionable Things About Top Ten Security Lists
By Mark Curphey
Oct 3, 2023

Building Security Tools is the Wrong Approach

Building security tools is the wrong approach
By Mark Curphey
Jun 13, 2023

We Need Modern Product Security Certification And We Need It Now

We Need Modern Product Certification and We Need It Now
By Mark Curphey
Jun 6, 2023

Why you should not give a f*ck about security awards

The bull shitake from some security companies is out of control and security awards are a farcical tool they are using to look credible. It needs to stop.
By Mark Curphey
May 10, 2023

Is developer-led the best strategy for the adoption of security tools?

The data from corporate messaging tools may indicate that developer-led adoption isn't the best strategy for the widespread adoption of security tools
By Mark Curphey
Mar 29, 2023

Security Tools Can't Just Be Friction Free. Was SCA the Tipping Point?

Why aren't there more developer tools with security features?
By Mark Curphey
Mar 20, 2023

Developers Only Pay Lip Service to Security. Get Over It.

We should accept that developers only pay lip service to security
By Mark Curphey
Mar 2, 2023

Could sports advertising be a valid model for open-source security?

How can we help open-source security projects generate sustainable funding without having to become commercial open-source companies? I have an idea.
By Mark Curphey
Mar 1, 2023

Why security companies and communities come and go

This article shares observations and anecdotes from my life about what makes companies and communities come and what makes them go.
By Mark Curphey
Jan 26, 2023

Why supply chain security is so much more than open source code and CVEs

This article describes why supply chain security is about all of the upstream and downstream dependencies that modern applications rely on and not just open source libraries.
By Mark Curphey
Jan 10, 2023

CVE / NVD doesn’t work for open source and supply chain security

Part two of my article about what is wrong with CVE/NVD and some ideas about how we could improve it.
By Mark Curphey
Dec 21, 2022