-
Wait… We Needed That CNA Rule?! A Complaint =)

It’s one of those rules you’d never think we needed until something happens… On March 27, a VulnDB (not to be confused with VulDB) analyst noticed that a CVE description had a line appended that basically advertised the service of the assigning CNA. CVE-2026-4963 had a pretty standard description from VulDB (not to be confused with…
-
Miggo, KEV, and FUD; They Still Don’t Get It

[If the name ‘Miggo’ is familiar to you in the context of my blogging, you are thinking about one I wrote titled “Miggo Security’s AI Slop & Potential Trademark Infringement” in July, 2025. That was more around ‘corporate’ culture and bad lawyering. This blog is different, pointing out how they don’t seem to understand KEV…
-
What Do 2025 CVE Numbers Mean? An Intro.

[This was originally my proposed introduction for Flashpoint’s 2026 Global Threat Intelligence Report. Due to the style of the report and covering a lot more intelligence sectors than vulnerabilities, only pieces of this were used. So I am publishing the entire original draft here for posterity.] The fact that there were over 48,000 CVEs published last…
-
NaClCON Talks I Am Excited For

Earlier this month, I published “My Unofficial NaClCON FAQ” talking about a new security conference (NaClCON) that I am excited for. It’s still a bit surprising to myself that I am interested in one at all. I fully thought I was done with them, but here we are! After participating on the Call For Papers…
-
YouTube: I Don’t Think You Understand Your Userbase

It’s pretty rare that I use YouTube on a television, typically only if in the mood for specific music. Even then it tends to be a handful of videos as my ‘go to’. Earlier this month I was in the mood for such a concert and loaded it. I am authenticated as my Google account,…
-
The Jericho Blog Graveyard (2001 – 2013)

This is a continuing short run series of blogs summarizing old drafts and either declaring them dead, while listing them here, or keeping them as they are still relevant. Part 1 – The Jericho Blog Graveyard (2010 – 2013) Part 2 – The Jericho Blog Graveyard (2014 – 2015) Part 3 – The Jericho Blog Graveyard (2016…
-
Windows 10 Fails

[This was originally started on 2021-03-07, adding notes from months before that. Given the time that has passed, I will not finish this but wanted to post my notes, as is.] windows is X years old, and despite the bloating and bugs, they still haven’t figured out some pretty basic UI/UX things. these are the…
-
The Jericho Blog Graveyard (2016 – 2020)

This is a continuing short run series of blogs summarizing old drafts and either declaring them dead, while listing them here, or keeping them as they are still relevant. Part 1 – The Jericho Blog Graveyard (2010 – 2013) Part 2 – The Jericho Blog Graveyard (2014 – 2015) Part three: Interestingly enough, I found a…
-
The Jericho Blog Graveyard (2014 – 2015)

After my last blog on the draft graveyard, which was the first, I am down to 117 that go back to 2014. Twelve years is a bit too long to sit on a blog typically. So like before, here are ideas I had to write about but never did. What is really interesting to me…
-
Reason #42 Why InfoSec Has Failed

Building on a prior post, with an admittedly arbitrary number that seems to be about right as far as the number of reasons, and more in this series coming in the future… This is a quick story to give readers an idea of just how bad our industry really is. This is not anecdotal either,…