Tag: Carsten Eiram

  • Microsoft SIR and Vulnerability Statistics

    [I wrote this for my day job back in February, 2017, but it never got posted. Including it here for reference.] The notion of expertise in any field is fascinating. It crosses so many aspects of humans and our perception. For example, two people in the same discipline, each with the highest honors academia can…

  • Log4Shell: Redefining Painful Disclosure

    Log4Shell is yet another example of why we simply don’t get security right, and it strongly suggests there is little hope for change. There are plenty of blogs and articles that do a great analysis of the vulnerability from the exploitation and impact angle. There are a lot fewer that examine why…

  • The Duality of Expertise: Microsoft

    [This was originally published on the OSVDB blog.] The notion of expertise in any field is fascinating. It crosses so many aspects of humans and our perception. For example, two people in the same discipline, each with the highest honors academia can grant, can still have very different expertise within that field. Society and science…

  • 2007 Black Hat / DEF CON

    Tuesday, July 31st, 2007 – Black Hat – Day 1 Flight was uneventful. McCarran has a new car rental complex a ways from the airport. Leaving the complex dumps you directly on the strip, how convenient! I imagine someone on the tourism board is happy with themselves. Rented from Hertz as usual. While I did…