Vulnerability-Management

Hours, Not Days

I’ve been banging on about mean time to exploit for a while. Recent events make it worth saying again.
pip install malware: Why Python and JavaScript Package Ecosystems Are [almost] Unfixable

pip, npm, and many other package managers are fundamentally broken from a security perspective. Not broken as in “needs patches.” Broken as in the core design makes the problem almost unsolvable.
To Catch a Rising (AI) Star

If your day-to-day life is primarily behind your monitor and keyboard, this article is for you. AI is coming fast for our jobs, and most of us are not as alarmed as we should be, nor know what to do about it. I’ve spent the last 12 months digging deeper and deeper into Generative AI, spent 100s of hours building tools with all the “standard” architectures, and I’ve come to some conclusions that I’d like to share with the rest of us. I’m hoping this gives you the point of view that I think we should all have.