A Guide To Threat Modelling for Developers
tl;dr: "Threat modelling is a risk-based approach to designing secure systems." This article encourages developers to start simple with 3 questions. What are you building? What can go wrong? What are you going to do?
featured in #185
What Science Can Tell Us About C And C++'s Security
tl;dr: Research suggests that using memory-safe programming languages results in a reduction in the number of vulnerabilities.
featured in #184
The Confessions Of Marcus Hutchins, The Hacker Who Saved The Internet
tl;dr: "At 22, he single-handedly put a stop to the worst cyberattack the world had ever seen. Then he was arrested by the FBI. This is his untold story."
featured in #182
Security And Privacy Implications Of Zoom
tl;dr: Zoom's problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.
featured in #180
Inrupt, Tim Berners-Lee's Solid, and Me
tl;dr: Bruce joined Inrupt, a company bringing a new model of managing personal data to life, designed by Tim Berners-Lee. All your personal data lives in a pod and is managed by you. Each pod has granular access that you command.
featured in #174
Why API Responses Should Be Signed
tl;dr: In an era of misinformation, Terence calls for API responses to be signed, and runs through why and, conceptually, how to implement this.
featured in #170
Two Malicious Python Libraries Caught Stealing SSH And GPG Keys
tl;dr: Two libraries were found stealing SSH and GPG keys. The libraries were given names similar to those of common ones to trick developers into using them.
featured in #164