CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
I wonder what the strong argument is for paying anything on full disclosure? Just to get the report of a bug? With full disclosure, you get it for free, unless you believe the reporter wouldn’t disclose at all?
You’d also need a “no exploit” clause to prevent someone from disclosing, then immediately exploiting it, to double-dip. Unless the company is superhumanly swift, there is a raised likelihood it will be exploited, causing no payout anyhow.
Replying to @sirdarckcat
Full disclosure means 24x7 effort by the company to patch, an investigation to see if it was ever exploited, and it may take their revenue source offline for some duration. No company wants a hard hit like that, so why would the company then turn around and reward the person responsible?
Replying to @iMeluny
One observation: schooling in the US is primarily focused on individual achievement, with little collaborative work. But once students graduate into the workforce, the expectation is flipped: NOW they’re supposed to collaborate. 17+ years of conditioning is a hard habit to break.
Metallica worked with Live Nation to list 88,000 of their concert tickets directly on Stubhub at higher prices instead of selling them at face value. That way they blamed "scalpers" for fans not finding face value tickets when it was them all along. 😡 billboard.com/articles/busin…
Replying to @benadida
We got this one from Costco and are happy with it. Costco has an awesome return policy if you decide you don’t like it, even years later. costco.com/KETTLER-Monte-Car…
For example, the first published computer algorithm. Written by Ada. commons.m.wikimedia.org/wiki…
Replying to @j_winterton
Thanks! The challenge is finding images that can represent the field in a fun, artistic way. @ShenovaFashion dress designs set the bar very high. Another thought is to target contributions by women, such as Ada Lovelace, Grace Hopper, Anita Borg, etc.
Maybe a PCAP of malware? As you point out, not sure it’ll aesthetically work on a dress. netresec.com/?page=PcapFiles
One thought, use crypto diagrams, for example: images.app.goo.gl/TYbM8TX2nQ…
Replying to @mdennedy
Disgusting. I saw the article is from 2017 and couldn’t find anything newer, I wonder if the crackdown worked or if the practice went underground?
Replying to @selenakyle
I hadn’t heard that cover before, so it’s a win-win! There are more covers on YouTube, you might check them out. Something with a similar mood, check out This Mortal Coil’s Song to the Siren, which was also covered extensively. Lost Witness has a great remix (Fabel Mix).
Replying to @selenakyle
Cool video! I like the original Kate Bush version too.
No need to delete. Building shared context and narrative in dating takes time, especially if you’re dating men. I see this as a smart way to ensure some level of understanding while weeding out those who are not interested in expanding beyond their own worldview.
Facebook asks users to add their phone numbers for 2-factor authentication, then misuses that info to target ads. Researchers at Northeastern uncovered this by signing up as an advertiser and finding many clever tricks to reverse-engineer FB's targeting. mislove.org/publications/PII…