The Problem with Open Source Software Security
Reporting vulnerabilities in open-source software is a nightmare. How can we make it better?

💎 The Ruby Association Certified Ruby Programmer Silver Exam
I wasted $150 to prove I kinda learned Ruby. And you can too!

Finding CVE-2022-3786 (openssl) with Mayhem
What is the bug? Disclaimer, I didn’t discover the bug. I’m just here after the fact, showing how fuzzers can detect and prevent memory corruption issues like these. CVE-2022-3786 affected openssl versions 3.0.0 up to and including 3.0.6. This bug affected both clients and

Stop Using Single-Letter Command Line Options
Single-letter command line options are inferior for documentation. Stop using them if you're doing anything that anyone else relies on.

🐛 Fuzzing Random Ubuntu Packages with Mayhem - Part 1
About Mayhem: Mayhem is a cloud (or on-premises) fuzzing solution created by ForAllSecure. It has some great features that make fuzzing more approachable for software developers with little fuzzing experience. I almost think of it as a big red easy button for fuzzing. For experienced fuzz testers, it’s quite