• Concert: Tash Sultana
    Concert: Tash Sultana

    On Saturday night, I went to my first concert in … a long time, maybe a decade? In fact, someone asked me when the last concert I went to was and it sent me down a rabbit hole because apparently I didn’t start using Google Calendar until much later than I remembered. After digging through…

  • Speaking Ill of the Dead?
    Speaking Ill of the Dead?

    Folks in the Information Security (InfoSec) circles are getting old. It is evident from the last few years and seeing those we know, in some capacity, passing on. For many of us still here, we find ourselves battling a world of conditions ranging from the relatively simple high blood pressure, to the more complicated like…

  • That Vulnerability is “Trending” … a Redux
    That Vulnerability is “Trending” … a Redux

    A couple weeks ago I published a blog titled “That Vulnerability is ‘Trending’ … So What?“. I didn’t think I would be publishing another on this topic, especially this fast. But I ran into another absurd case of a vulnerability “trending” and figured out why, which is even more ridiculous. I caused this… A CVE…

  • That Vulnerability is “Trending” … So What?
    That Vulnerability is “Trending” … So What?

    Yesterday, more than one organization reached out to my company asking why a particular vulnerability wasn’t in VulnDB yet. First, it had been less than 24 hours since publication in CVE/NVD, NVD hasn’t analyzed it as of the time of this blog, and it is in software no significant business would use. It’s part of…

  • Do you want the best cocktail?
    Do you want the best cocktail?

    Do you want the best cocktail you have probably had in recent years? Assuming you don’t go out too much and partake in all of the drinks? There’s a simple way I have found, that has a near 100% success rate. Even better, it almost always makes the person taking your order, or your bartender,…

  • 2022 #MakeHimHurt Challenge – The Results
    2022 #MakeHimHurt Challenge – The Results

    On July 17, 2022, I posted a challenge to help raise money for wildlife rehabilitation nonprofits in Colorado on the back of a cross-country drive last year. It’s a cause near and dear to my heart as I volunteer in this realm, primarily helping squirrels and raccoons. Since wildlife rehab shops get so little from…

  • Rebuttal? Not really… Comments on Curphey’s Latest Blog
    Rebuttal? Not really… Comments on Curphey’s Latest Blog

    I went into a LinkedIn post expecting to have to buy a new box of red sharpies to be honest, but I am pleasantly surprised at the conclusions regarding CVE / NVD, which I think are largely accurate. As grim a picture as is painted, they are still a bit too generous. I say that…

  • Will the Real 300,000 Stand Up?
    Will the Real 300,000 Stand Up?

    On September 27, 2022, Flashpoint’s VulnDB hit the 300,000th entry added to the database. Think about that and .. wow. I started the adventure of collecting vulnerabilities around 1993, back when it was all flat text files, and my hacker group used a FILES.BBS file as an index, pointing to many hundreds of other text…

  • security@ Is a Two-way Street
    security@ Is a Two-way Street

    More and more companies are embracing the benefits of maintaining a dedicated security team to not only help manage internal processes such as a systems development life cycle (SDLC) that may focus on security, but to also manage vulnerability reports from external parties. Some companies choose to implement bug bounty programs, and some do not.…

  • Microsoft SIR and Vulnerability Statistics
    Microsoft SIR and Vulnerability Statistics

    [I wrote this for my day job back in February, 2017, but it never got posted. Including it here for reference.] The notion of expertise in any field is fascinating. It crosses so many aspects of humans and our perception. For example, two people in the same discipline, each with the highest honors academic can…