@SinclairSpeccy I once gave a talk on #swsec at Bell Labs. Dennis was in the front row. That talk included a "C is bad" chant as a silly hook (with audience participation). Dennis nodded his permission to proceed. The talk was really fun and was a harbinger of early static analysis tools.
I was the victim (er, guest) on a recent podcast. Have a listen. #swsec @appsec #infosec #MLsec
https://www.synopsys.com/blogs/software-security/building-security-in-podcast-machine-learning-ai/
@briankrebs I have been working on the ML stuff seriously again for four years after a 20-year hiatus to do #swsec. See https://berryvilleiml.com
Happy to chat anytime, esp on the porch by the river.
Listening to the very last Silver Bullet episode from December 2018. This episode featured my work.
https://apothecaryshed.files.wordpress.com/2019/01/silverbullet-153.mp3
@SheHacksPurple Jim Routh and I published a clear ROI with numbers from Aetna for a #swsec initiative based on cost to build and repair software. We did not break out the satellite number by itself, but that part played some role.
In my experience, a champions/satellite program only makes sense after a number of other activities are in place.
I have real questions about this. We had a DARPA project on this idea after the one where we invented SAST, and it was a mess. We were using AOP.
This is very vague and I am highly skeptical.
A link to the RECORDED #ML for #threatmodeling webinar I did yesterday with @adamshostack is now available behind a registration wall.
#ml #threatmodeling #swsec #mlsec
Webinar (requires registration) in 20 minutes. Feel free to join in as @adamshostack and I discuss Threat Modelling, Machine Learning, and Security.
Will Adam be replaced?
Crock of shit alert!
Don't build security mechanisms out of broken stuff. We already learned this in #swsec. Now we're at it with #mlsec
https://techcrunch.com/2023/03/28/microsoft-lets-generative-ai-loose-on-cybersecurity/?guccounter=1
@nsaphrayes!
I used to say the exact same thing about software. Or wait. I still say the same thing about software.
ML tech is software.
@adamshostack ok. You made me look. I am officially ok with "attack fractals"
I just asked ChatGPT to outline a 20-slide talk I am supposed to deliver for the NSF next week. It did a very literal job. But not bad.
Coming up this month! #swsec #MLsec #ThreatModelling #ARA https://www.iriusrisk.com/impact-machine-learning
Wrote a thing on software security training with Matias Madou yesterday. Data-driven guidance. #swsec
Grading #swsec final exams, and I learn to my astonishment that @cigitalgem has his own Common Criteria evaluation scheme