• Rebuttal? Not really… Comments on Curphey’s Latest Blog

    I went into a LinkedIn post expecting to have to buy a new box of red sharpies to be honest, but I am pleasantly surprised at the conclusions regarding CVE / NVD, which I think are largely accurate. As grim a picture as is painted, they are still a bit too generous. I say that […]

  • Will the Real 300,000 Stand Up?

    On September 27, 2022, Flashpoint’s VulnDB hit the 300,000th entry added to the database. Think about that and .. wow. I started the adventure of collecting vulnerabilities around 1993, back when it was all flat text files, and my hacker group used a FILES.BBS file as an index, pointing to many hundreds of other text […]

  • security@ Is a Two-way Street

    More and more companies are embracing the benefits of maintaining a dedicated security team to not only help manage internal processes such as a systems development life cycle (SDLC) that may focus on security, but to also manage vulnerability reports from external parties. Some companies choose to implement bug bounty programs, and some do not. […]

  • Microsoft SIR and Vulnerability Statistics

    [I wrote this for my day job back in February, 2017, but it never got posted. Including it here for reference.] The notion of expertise in any field is fascinating. It crosses so many aspects of humans and our perception. For example, two people in the same discipline, each with the highest honors academic can […]

  • Let’s Talk About 0-days

    [This was a first draft of an article to be published on the Flashpoint Threat Intel blog. Ultimately, parts of it were adopted for a different blog but the original remains considerably different. Curtis Kang contributed significantly to the finished blog below.] Zero-days (0-days and other variations) are exploitable vulnerabilities that the general public is […]

  • Titan 1 Missile Silo Exploration

    [Note: This is a more detailed account to accompany pictures I have had online for some time. Also be warned, a few pictures are of graffiti from the early 90s and may be offensive.] I’m sure most people have heard about, and even seen pictures of, old missile silos from the 1950s and 1960s. Some […]

  • Netflix: Why People Are Leaving You… (The Unspoken Reason?)

    I can be long-winded in my blogs, I know, and there is a lot to unpack here. I’ll try to keep it brief. Famous last words =) Any Netflix engineers reading, it will be worth your time even if you skim fast. In the last month there has been global news coverage about Netflix losing […]

  • 2022 #MakeHimHurt Challenge

    On the back of my Cross-country Drive blog, Part 5 specifically, the fine folks at Sonflower have decided to put me to the test and try to “make me hurt“. This came in the form of a Give Lively fundraiser and two donations to kick it off. The ringleader in this effort, Alicia, not only […]

  • 2022 Cross-country Drive (Part 5: Crisis of Confidence)

    While this is part 5, and final, in my series covering my recent cross-country road trip, this one will be considerably different in topic. It will also be somewhat depressing to animal lovers at the start but hopefully swing back to a happier tone by the end. This one will not cover aspects of a […]

  • 2022 Cross-country Drive (Part 4: Food)

    As someone who has worked entirely too much, and grinded through too many 12+ hour days, food has been one bright spot the past ten years. That occasional chance at a meal that is above and beyond, that becomes breaks, lunch, dinner, and an island of enjoyment in an otherwise crappy day. With a three […]