1. 2019

  2. Security wish list for 2019
  3. 2018

  4. Optimize for Auditability
  5. The worst truism in information security
  6. Lessons learned at USDS
  7. Known unknowns - zero-days in the wild
  8. The mysterious case of (deny dynamic-code-generation)
  9. 2017

  10. A vulnerability by any other name
  11. Response to Deputy Attorney General Rosenstein's remarks on Encryption
  12. Surviving Apache Struts CVE-2017-5638
  13. Categorizing Security Engineering Work