A friend and I took the same class at the same time, but with two different teachers. He wrote papers and had pop quizzes. I had a couple of easy tests. I got an A without trying, he got a B. Very subjective and not worth the stress.
Every generation for thousands of years thought kids were ruining things, described by the authors as a "pervasive illusion of humanity."
advances.sciencemag.org/cont…
The original TEE used to include Lux, and there are plenty of commuters into Lux from BE, FR, and DE, plus CJEU is there. Seems like it could be easily added, and it is odd it wasn’t. But maybe the cost/benefit isn’t there...
@Coupa - feature request: do NOT send HTML attachments for POs, invoices, or anything else. HTML attachments get blocked, which means your POs and invoices do not get received. Either provide a link, or attach a PDF, or put the HTML invoice into the body of the email. k'thx!
I missed you were updating 6265, I’ll take a look. BTW, 6265 was the product of ~35 people, including everyone from 2109. But yes, @adambarth did do the heavy lifting for 6265, including building a cookie behavior testing suite. He’s an unsung hero of the internet.
SAMM and BSIMM are two ways to assess the maturity of your AppSec program. Wonder what the difference is?
Here's a comparison:
owaspsamm.org/blog/2020/10/2…
Back when I owned the bug bounty program at PayPal, I was adamant that researchers should be able to post their findings after it was patched. That’s how the community can collectively learn.
This is even better, do it! 💪
For the exemplar of "doin' it right", see Dropbox, who leave the researchers in control: dropbox.tech/security/protec…; Dropbox does not use the bug bounty to buy silence; neither does Dropbox reserve the right to take forever to fix.