Contents: One (1) Darren @darrenpmeyer@infosec.exchange

Even though I'm skeptical of the methodology behind things like Gartner's Magic Quadrant and Forrester's WAVE, it is still a nice compliment to be at or near the top on things like that!

And doubly so when it's because we've invested heavily in making a better security tool experience for developers

https://www.businesswire.com/news/home/20210111005821/en/Veracode-Named-a-Leader-in-Newest-Evaluation-of-Static-Analysis-Security-Testing-by-Independent-Research-Firm

I finally am getting around to learning Golang (yay!) and JavaScript (meh!)

And once again I’m reminded that most language tutorials assume this is your first language. There’s got to be something between “learn x in y minutes” and “here let me teach you how to program, incidentally in x”

I remember when netbooks were A Thing, and it was because there was a market for “laptop that’s ok being underpowered because it’s so cheap and portable”, which has now been largely eaten by chromebooks and tablets

I want the same thing to happen again but with “this is a really nice screen and keyboard, but otherwise it’s basically a thin client”. Like a slightly less constrained Chromebook with a different set of trades

What's the collective wisdom on how much having a CEH (Certified Ethical Hacker) cert says about someone's pen-testing skills?

I seem to remember it being pretty basic, but I haven't looked at it in a while...

I'm hiring a Principal Security Researcher at Veracode. Fully remote always (not just for pandemic times). If you're interested or know someone, please either by apply at the link below or DM me here. Happy to answer any questions. Boosts appreciated

(also, I'm new at job descriptions so if you have advice on this one, please tell me)

https://www.veracode.com/job-post?gh_jid=4973169002

Welp, congrats everyone who completely ignored or massively downplayed the risk of COVID for political or economic reasons—we're back in lockdown until mid-December to try to keep hospitals from being overrun, you short-sighted, ignorant fucks

Always proud of the work @Veracode@twitter.com does on the State of Software Security report. Volume 11 is no exception: https://info.veracode.com/report-state-of-software-security-open-source-edition.html

(If you don't want to give out your contact for access, hit me up and I'll happily get you a copy)

If you use 3rd party network filters (like VPN clients or firewalls) on macOS, hold off on Big Sur. Pretty big hole that Apple's apps use and malware can use to bypass such tools using the new network filter system.

https://thenextweb.com/plugged/2020/11/16/apple-apps-on-big-sur-bypass-firewalls-vpns-analysis-macos/

HT @lrvick & @TheGibson

And this is why phishing is worth attackers' investment (HT WeldPond): https://twitter.com/tazwake/status/1326169429449854978

“Got to see my favourite type of Incident Ticket today.
User got suspicious email, reported it because when they followed the link it went to a sign in page but 'none of their corporate credentials worked'
For added value, service desk closed ticket cos it wasn't a supported site”