1. 2018

  2. The worst truism in information security
  3. Lessons learned at USDS
  4. Known unknowns - zero-days in the wild
  5. The mysterious case of (deny dynamic-code-generation)
  6. 2017

  7. A vulnerability by any other name
  8. Response to Deputy Attorney General Rosenstein's remarks on Encryption
  9. Surviving Apache Struts CVE-2017-5638
  10. Categorizing Security Engineering Work
  11. Forward secrecy is the most important thing
  12. Introduction to Certificate Transparency for Server Operators