Posted by Dave Aitel via Dailydave on Apr 21 After spending some time looking at "Secure by Design/Default" I have no doubt many of you feel like something is missing - something that's hard to ...
Posted by Dave Aitel via Dailydave on Apr 17 On Monday, I and 400 other people, including many on this mailing list, attended Sophia's funeral in a huge church in the upper east side of NYC. Alt...
Posted by Dave Aitel via Dailydave on Apr 02 Like everyone I know, I've been spending a lot of time neck deep in LLMs. As released, they are fascinating and useless toys. I feel like actually ...
Posted by Dave Aitel via Dailydave on Apr 01 The security community (aka, all of us on this list) still rages with the impact of Jia Tan putting a sophisticated backdoor into the XV package, a...
Posted by Tomi Tuominen via Dailydave on Mar 28 Dear Daily Dave, For a hacker conference, twenty years is a huge achievement — for a small conference, even more so. Over these years we’ve ...
Posted by Dave Aitel via Dailydave on Mar 24 There seem to be a lot of people who think the problem with cyber security is we aren't paying lawyers enough. This results in the current push for s...
Posted by Michal Zalewski via Dailydave on Mar 06 Not really different from prototyping on the Linux kernel or the Chromium codebase - pick an old version if you want known bugs... you don't see...
Posted by Konrads Klints via Dailydave on Mar 06 Windows XP and Windows 2003 partial source code is out there on github. With such a rich corpus of known vulnerabilities in those OS'es and sourc...
Posted by Christian Heinrich via Dailydave on Jan 26 Telsh, The CISA responded to their draft deliverable on 29 November 2023 (Page 15) and have agreed to implement its recommendations by 31 O...
Posted by Dave Aitel via Dailydave on Jan 19 So I wrote a little draft essay on Secure By Default and opened it for comment. I think one thing that we maybe forget in our community is that some ...
Posted by telsh via Dailydave on Jan 19 Hey everybody, Please note the last sentence on page 3: "The scope of our audit was efforts during fiscal years 2019 through 2022" Not being a fanboy o...
Posted by Christian Heinrich via Dailydave on Jan 19 Dave, https://www.oig.dhs.gov/sites/default/files/assets/2024-01/OIG-24-09-Jan24.pdf reached a different conclusion.
Posted by Dave Aitel via Dailydave on Jan 12 So I have a ton of thoughts on the CISA Secure by Design and Secure by Default push that is ongoing, as I am sure many of you do. And the first thoug...