CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
Replying to @RachelRecruitin
As a member of the OWASP Board of Directors, I definitely agree it’s foundational! And I agree it’s odd that someone hasn’t been exposed to OWASP if they’ve done AppSec for 5+ years, but it is plausible. We do not have a cert program, which means less visibility for newer people.
I agree. If the policies, processes, and tooling make compliance invisible, there isn't much to say other than follow/use/audit the policies, processes, and tooling to remain PCI compliant.
Replying to @RachelRecruitin
I think it's a symptom of how people find their way into the industry. I wouldn't want OWASP to become a gatekeeping signal, but do encourage those who don't know about OWASP to join their local chapter -- it's free! And global! owasp.org/chapters/
Bil Corry retweeted
Google v. Oracle: Google’s copying of the Java SE API was fair use. supremecourt.gov/opinions/20…
Replying to @juliagalef
Haven’t tried it, but we were looking at @HelloLanding hellolanding.com
Me: When are you coming home? The kids and I miss you. Wife: I’m doing a writing retreat. Me: But you hate writing. And it’s been 2 months. Wife: I love it now.
I taught my kids that they have the right to say “no” to anyone, including me. The authoritative style of parenting demands obedience, and it sets kids (especially girls) up for abuse by those in authority.
Replying to @randomdross
They seem surprised that you want chips AND salsa.
Replying to @alfiekohn
I wonder if it’s also true for GPA? Do students with the highest GPA not do as well psychologically and ethically?
Replying to @manicode @owasp
Easy enough to fix. I present to you the OWASP Top One: 1. All the vulns in the universe — past, present, and future. Protect against that and don’t let me down.
Replying to @frgx
A year in and I’m just finding out NOW that naps are allowed?
If you're building IoT, IIoT, or ICS devices, this @ABAesq talk about insurance looks interesting. They're covering Cyber, General Liability, Product Liability, Tech E&O, Property, Crime, and D&O policies. americanbar.org/events-cle/m…
Or “Save Image” 🙄
What am I missing? What other dumb security practices do we push onto users?
4. Websites that ask/require users for credentials to other websites, such as to import financial information, to allow a potential employer to dig through your social media account, and similar. Do you really trust that website with your banking password?
This next one is not really something the Security team pushes onto users so much as it is something the product team wants and Security often loses the fight to prevent it. So calling it out, because it's super dumb and we should stop allowing it.
3. "Secure" email products that require users to open HTML email attachments. The very same attack vector as some phishing. It has the additional downside of training users that opening HTML attachments is a normal behavior.
2. Preventing users from copying/pasting passwords. Besides being an accessibility issue, it doesn't seem to actually move the needle on security. @NCSC provides more background (and a link to @troyhunt's take) ncsc.gov.uk/blog-post/let-th…
I'm thinking of creating an @owasp Top Ten Dumb Things Security Makes Users Do. Here are a few: 1. Making users rotate passwords without evidence of compromise. @TechFTC actually does an awesome job of explaining why it's dumb. ftc.gov/news-events/blogs/te…