The Shadow Software Supply Chain
StackOverflow and GitHub Co-Pilot have made untrusted code rampant in production applications. A focus on services will help mitigate the risks and enhance security.
Are We Actually in a Tech Winter?
ℹ️I am not an investment analyst and nothing in this article should be considered investment advice. Markets are cyclical. Stock markets are cyclical. Labor markets are cyclical. The tech world has been shaken by recent layoffs. For many people in tech, the ideas of layoffs were previously unimaginable. I
A Practical Look at AI
In this post, I try to look past the hype or doom around AI and look into what useful results can be obtained through AI, and where I think the technology can realistically go.
Building Your Personal Brand
Are you an RIT student looking to take your career to the next level? Learn how to get your dream job by finding your niche and building your personal brand.
How to Say Goodbye
At some point, we will all have to leave an organization. It might be a company, a nonprofit, an extracurricular, or something else. A lot of people, including myself, get very emotionally invested into the work we do. Leaving is almost always hard. What is even harder is leaving with
Value-Oriented Cybersecurity
Software engineering is in a rough spot right now. Cybersecurity has made it through largely unscathed. However, the industry should learn from this and align with investor interests to bring long-term stability.
First Principles and the Future of AI
💡The following content is opinion. All views expressed are my own and do not represent the views or policies of my employer, past or present, or any other organization with which I may be affiliated.Read all disclaimers at beave.rs/disclaimer Last year, I developed a five-year plan for
The World Has Too Much Code
The goal of application security is consistently bug-free code. Open Source may be the way to reach that goal.
Securing Open Source Software
Securing Open Source SoftwareFOSS Research Project.pdf2 MBdownload-circle This is a presentation that I gave as part of my class on Humanitarian Free and Open Source Software (HFOSS) about tools and techniques that FOSS maintainers can use to secure their projects. I began my presentation by talking about Log4J. Log4J&
BSides Toronto - Quality Engineering
Download the Slides Quality Engineering AppSec.pdf 15 MB download-circle Sign Up for my Newsletter What does it take to have a successful SDLC program? In this talk, I step beyond the policy, and share my experiences turning a failing software development team into one that was both fast and
2023 All Things Open
👋Hello! I am going to be speaking on a panel at All Things Open. More info will be released soon. Panel: Open Source Compliance & Security OSI Track Tuesday Oct 17 @ 1:30 PM - 2:15 PM
The Shadow Software Supply Chain
StackOverflow and GitHub Co-Pilot have made untrusted code rampant in production applications. A focus on services will help mitigate the risks and enhance security.
Services: The AppSec Inflection Point
Application Security (AppSec) teams should strive to adopt a service-oriented model, leveraging API proxies to deliver security across stacks.