A Guide To Threat Modelling for Developers
- Jim Gumbley tl;dr: "Threat modelling is a risk-based approach to designing secure systems." This article encourages developers to start simple with 3 questions. What are you building? What can go wrong? What are you going to do? featured in #185
What Science Can Tell Us About C And C++'s Security
- Alex Gaynor tl;dr: Research suggests that using memory-safe programming languages results in a reduction in the number of vulnerabilities. featured in #184
The Confessions Of Marcus Hutchins, The Hacker Who Saved The Internet
- Andy Greenberg tl;dr: "At 22, he single-handedly put a stop to the worst cyberattack the world had ever seen. Then he was arrested by the FBI. This is his untold story." featured in #182
Security And Privacy Implications Of Zoom
- Bruce Schneier tl;dr: Zoom's problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations. featured in #180
Inrupt, Tim Berners-Lee's Solid, and Me
- Bruce Schneier tl;dr: Bruce joined Inrupt, a company bringing a new model of managing personal data to life, designed by Tim Berners-Lee. All your personal data lives in a pod and is managed by you. Each pod has granular access that you command. featured in #174
Why API Responses Should Be Signed
- Terence Eden tl;dr: In an era of misinformation, Terence calls for APIs to be signed, and runs through why and conceptually how to implement this. featured in #170
Two Malicious Python Libraries Caught Stealing SSH And GPG Keys
- Catalin Cimpanu tl;dr: Two libraries were found stealing SSH and GPG keys. The libraries were named similarly to common ones to trick developers into using them. featured in #164