Month: August 2017

  • I wanted to support the Red Cross during Harvey… (but I can’t, so I need alternatives…)

    File this under “blogs I didn’t expect to, or want to write tonight”. With Hurricane Harvey causing incredible damage and distress to Texas, many of us are looking for ways to help. I’d love to be down there in a boat rescuing animals or humans, bringing free bottled water (as opposed to the horrible alternative), […]

  • Researchers Find One Million Vulnerabilities?!

    [This was originally published on] No researcher has yet claimed to find one million vulnerabilities, but we are sure to see that headline in the future. Every so often we see news articles touting a security researcher who found an incredible number of vulnerabilities in one product or vendor. Given that most disclosures involve […]

  • That Vulnerability is “Theoretical”!

    [This was originally published on the OSVDB blog.] A few days ago, while writing a draft of a different blog, I made reference to and said “we’re well aware of the pitfalls around calling a vulnerability ‘theoretical’”! I wanted to link off to what I was referencing, a case where security researchers found a vulnerability […]

  • 20 Seconds to Comply; 17+ Years to Get It Wrong. From “Roboguard” to “Steve”!

    Recently, news broke of a robot security guard lovingly nicknamed “Steve” who drowned in a fountain in the lobby of the building he was sworn to protect. The various Tweets and news articles jumped all over it, with articles anthropomorphizing Steve and headlines such as “Security guard robot ends it all by throwing itself into […]