Demi Marie Obenour

155 Followers
139 Following
3.9K Posts
Software developer and security researcher. Currently working on Spectrum. Follows are not endorsements.
Pronouns: She/her
GitHub: https://github.com/DemiMarie
Matrix: @alwayscurious:matrix.org

so hey

we're looking for work, preferably in a non-profit, but given the historical moment we're at, we're open to for-profit if it's doing something socially positive

we have a strong background in information privacy (ex-Google). we have years of non-profit governance experience. we've been coding intensely since early childhood and, depending how you count, have nearly 40 years of experience at that. we also have experience managing other programmers.

anyone know of anything?

"please direct your dissent into channels where the public can't see it nor know what response it gets", said nobody who deserves the public trust

An avalanche of reports (both good and bad quality) had strained existing processes and teams. On the other hand, improved tooling also helped defenders do better internal research and speed up patching, among other processes.

Overall, security research might be better with AI tooling, but we also need to throw more humans at the problem. And pay them well.

Recent trends are generally good for users (better security, hopefully). But it's bleak for security researchers who focus on bug bounties, myself included.

I can probably no longer make decent income from VRPs. I don't know how many others can either, given the widespread suspension of VRPs or narrower scopes of higher-difficulty issues (~good) with historically-low rewards (awful). While I had seen this coming for a year or so, it's still disappointing.

so four days on from the first dose of the Crohn's biologic, it's not so much that we have less pain (maybe a bit) as that our guts are no longer doing things that make us, like, aware of any specific part of our guts. their behavior is now uniform. really quite surprising.

RE: https://mastodon.social/@glyph/116467306761201245

Computers are not neutral tools you can just not use if they misbehave - especially nowadays, they are for many people a fundamental tool of their work (which means survival), social interaction (which is a basic need), fulfilling societal obligations such as taxes or various other legal duties (also close to survival).... it's not consent if the alternative is losing your job, not getting to pay taxes, losing the ability to chat with friends.

@mxchara hope is not a thing we arrive at through reason

hope is a prerequisite to survival. we have to take it as a given

.... while not allowing it to damage our ability to do reasoned analysis about the situation, strategy, all that

can't say it's easy

okay, look, apparently we need to say this

yes, mandatory identity verification to use a computer is bad. it infringes on fundamental civil liberties.

yes, this current bill would do that. it smartly leaves the details up to the FTC to decide later, which confuses the public conversation because people don't want to believe bad things that they don't read in extremely plain language.

I’m thrilled to share that I’ll be teaching at Black Hat USA this August!

My training is Secure Coding for Embedded Systems in C and C++.

If you write firmware or low-level code, we’ll dig into the security pitfalls that show up again and again in C and C++ and practice fixing them together.

Lots of vulnerable code. Lots of practical fixes. Lots of ways to build safer software.

🎥 Watch the short video below

🔗 Save your seat: https://twp.ai/E6HcfX

It’s fine to not allow LLM-generated, or even LLM-assisted, code contributions.

Rejecting valid reports of security vulnerabilities because they were generated with LLM assistance is foolish. All it does is make life easy for criminals and cyberweapon vendors.

For what it is worth, OpenBSD seems to have exactly this policy. They reject LLM-generated code, but promptly fixed a remote DoS found by Claude Mythos Preview and confirmed by Anthropic.

many congratulations to the people of Hungary. victories like this are worth celebrating.