Category Archives: General Security

Meetings are for discussion, emails are for status

Just a short observation. I don’t think you should ever hold a meeting just to read out status updates. If there isn’t time to meaningfully discuss the topics at hand, there’s no point in holding a meeting. Just send an email, … Continue reading

Posted in General Security | 3 Comments

Perceptions of risk

At Blackhat & Defcon recently I was once again surprised by the number of security professionals who refused to touch a networked device for the duration of the conference. Yes, the risk is elevated and people might have zero days. … Continue reading

Posted in General Security | 6 Comments

Regarding your Baby

Having been at Mozilla for some time now, I’m still fascinated by the varying perceptions people have of security reviews. To some developers it feels like the Spanish Inquisition (minus the comfy pillows), while to others it’s an opportunity to … Continue reading

Posted in General Security | 3 Comments

Choosing Security

Some of the most common reasons I hear from people for coming to Mozilla are “I want to have an impact”, “I want to work on things that matter” and “I want my work to touch lots of people”. Many … Continue reading

Posted in General Security | 1 Comment

The Uber-Fuzzer

A few weeks ago I had the chance to speak at a panel at the Hack in the Box conference in Amsterdam. For those of you not familiar with the Hack in the Box organization, it’s a great bunch of … Continue reading

Posted in General Security | 4 Comments

Contextual Identity

We’ve been thinking and discussing, and then thinking some more, about both privacy and identity at Mozilla. So far we have generally been treating them as two separate sets of issues, but I’m beginning to wonder if there might be … Continue reading

Posted in General Security | 18 Comments

Korea: 1995 -> 2010

Last week I had the opportunity to travel to Korea to speak at a short conference regarding the unique Korean authentication requirements for banks and e-commerce. The rules originated in the mid 90’s, in response to a perceived lack of … Continue reading

Posted in General Security | 3 Comments

Evolution of Software Security – Predictions for 2020

Attackers will become increasingly efficient at discovering & exploiting vulnerabilities, even as application developers continue to try to reduce the attack surface. This has several implications: Attackers will depend less on random manual testing to find vulnerabilities. Instead, attackers … Continue reading

Posted in General Security | 2 Comments