1. 2019

  2. Notes on fuzzing ImageMagick and GraphicsMagick
  3. Security wish list for 2019
  4. 2018

  5. Optimize for Auditability
  6. The worst truism in information security
  7. Lessons learned at USDS
  8. Known unknowns - zero-days in the wild
  9. The mysterious case of (deny dynamic-code-generation)
  10. 2017

  11. A vulnerability by any other name
  12. Response to Deputy Attorney General Rosenstein's remarks on Encryption
  13. Surviving Apache Struts CVE-2017-5638