Darren Meyer 

@darrenpmeyer@infosec.exchange
468 Followers
106 Following
100 Posts

A Gray Jedi Capybara / weirdo geek into socio-technical systems resilience. Part-time #coffee and #Arduino nerd. If you “move fast and break things”, I’m the one who makes you clean up. #devsecops and #securityResearch focused on #appsec and #productSecurity.

Do not bother to follow me if you have anything against LGBTQIA+ folks, I have no patience left

- Security Research Advocate for Checkmarx;
- Managing Principal Consultant for Substance 36 LLC;

Opinions here are mine alone, not necessarily shared by organizations I work with or for

#embedded #espresso #biking #electronics

blog: https://darrenpmeyer.com/
photos: https://pxlmo.com/darrenpmeyer

I really don’t want to Be A Brand here, but I feel like the “Last Week In AppSec” posts I make weekly for my employer would be interesting to at least some of y’all. Looking for a vibe check, here’s the most recent post link: https://checkmarx.com/zero-post/last-week-in-appsec-2025-07-08/
- Post these as myself
- Make a team account for this stuff
- Don’t post my corp work here
- Something else (reply?)
Link preview: Last Week In AppSec for 08. July 2025 - Checkmarx: AI MCP leak from Anthropic, fraudulent verification in IDE extensions, and a Next.js Denial of Service (DoS) — last week in AppSec

Working on the keyboard for my DIY word processor, I thought it might be fun to try a custom capacitive key switch. I don't know if this is practical in any sense, but it finally gave me an excuse to use #KiCAD again
I'm not blind, but I get value out of alt text captions. Thank you to you people who take the time to add those to your photos.

I’m not sure who said it or even if I’m getting it 100% right, but it has been on loop in my brain lately:

I’m too much of an idiot for this many people to be dumber than me

@mcc “A compiler is a tool for reporting issues in code. If none are found, it emits an object file as a side effect.”
Some cell phone pics of fireworks my youngest and his friends set off tonight.

Is there a non-US equivalent of the ISRG and/or LetsEncrypt? They’ve done excellent work making a more secure web, but having all our eggs in one country’s regulatory regime makes me nervous

And no, I don’t consider commercial offerings to be a solution — they have their place, but LetsEncrypt-style, no-cost, low-friction TLS certs are important too.

I've written before about the business side of security. How the measure of a security program is ultimately "dollars of risk managed per program dollar spent", etc.

And I think some people have missed that while that's all true, it MUST operate in a broader context of global ethics. And I'm learning that far more "infosec people" than I would have expected can't be assumed to agree with that.

So on my side, expect to see me be a LOT more explicit about our duty to protect the network and community as a whole. Because tbh, that is and ought to be the whole fucking point.

If you work for a security team in an organization, your job is to help that organization achieve its purpose *while behaving safely on the network*.

Sometimes that's an easier argument—hey org, if you don't have a control here, you could lose money. Other times it's much harder—hey org, I know this is cheaper for you, but if you go this route, you're externalizing risk to other people *and that's not ok*.

But it's your job to force that conversation, and it's your duty to be clear-headed about when you accept compromise in exchange for improvement, and when you draw a bright line and stand your ground on it.