Secure Software Blogwatch | DevOps: Fix your dangerous redirects! Amex shows how | Richi Jennings | DevOps teams are still ignoring the danger of open redirector pages.
Secure Software Blogwatch | Post-quantum algo ‘SIKE’ dead: Did math geeks find key-encap back door? | Richi Jennings | Here’s more on NIST’s search for post-quantum cryptography: This week, is it in trouble?
Secure Software Blogwatch | Carbon aims to fix C++ memory safety (and other big flaws) | Richi Jennings | C++ sucks: It’s unsafe, unergonomic, has far too much legacy cruft and suffers from gatekeepers who won’t move with the...
Secure Software Blogwatch | AI ethics for DevOps: Diversity and ‘Kill All Humans’ | Richi Jennings | AI has a big ethics problem—and it’s down to Dev and Ops to fix it.
Secure Software Blogwatch | Devs: Prep for PQC — post-quantum cryptography | Richi Jennings | Experts say we need new key-exchange and signature algorithms, to resist attacks from quantum computing. Orgs have had...
Secure Software Blogwatch | Devs: Don’t do DIY cryptography — Police CyberAlarm shows why | Richi Jennings | It’s a truism often repeated: Don’t roll your own cryptography! The Police CyberAlarm service deftly shows why.
Secure Software Blogwatch | Copilot's rocky takeoff: GitHub ‘steals code’ | Richi Jennings | Should you use GitHub Copilot? “No,” say open-source fans. “Heck no,” say lawyers. “Yeah,” say the sort of devs who do...
Secure Software Blogwatch | Rejoice, devs and all! Privacy Pass standard nukes CAPTCHAs | Richi Jennings | Apple is to support the new Privacy Pass standard, to “attest” that its users aren’t robots. Google is expected to be...
Software Supply Chain Security | Software supply chain alert: ‘7 million’ cleartext access tokens in Travis CI logs | Richi Jennings | Travis CI cleartext logs are trivially easy to access—all 770 million of them. And researchers have found lots of...
Secure Software Blogwatch | How to make C++ memory-safe? Chrome targets UAF bugs with garbage collection | Richi Jennings | The solution to use-after-free bugs is to *not* free memory. Google’s Chrome team is the latest group to jump on the...