1. 2018

  2. Lessons learned at USDS
  3. Known unknowns - zero-days in the wild
  4. The mysterious case of (deny dynamic-code-generation)
  5. 2017

  6. A vulnerability by any other name
  7. Response to Deputy Attorney General Rosenstein's remarks on Encryption
  8. Surviving Apache Struts CVE-2017-5638
  9. Categorizing Security Engineering Work
  10. Forward secrecy is the most important thing
  11. Introduction to Certificate Transparency for Server Operators
  12. A year of tracking my HTTP requests