Darren Meyer 

@darrenpmeyer@infosec.exchange
468 Followers
106 Following
105 Posts

A Gray Jedi Capybara / weirdo geek into socio-technical systems resilience. Part-time #coffee and #Arduino nerd. If you “move fast and break things”, I’m the one who makes you clean up. #devsecops and #securityResearch focused on #appsec and #productSecurity.

Do not bother to follow me if you have anything against LGBTQIA+ folks, I have no patience left

- Security Research Advocate for Checkmarx;
- Managing Principal Consultant for Substance 36 LLC;

Opinions here are mine alone, not necessarily shared by organizations I work with or for

#embedded #espresso #biking #electronics

blog: https://darrenpmeyer.com/
photos: https://pxlmo.com/darrenpmeyer
The lies and hyperbole work for now; but some org is going to get stuck holding the bag on that “but it was sophisticated and impossible to defend against!” tactic when some savvy shareholder (or SEC wonk with an ax to grind) recognizes it as a material falsehood.

I’m never one to victim-blame after a breach. Security is hard, social engineering always works eventually, and risk management is genuinely complex. Unless an org was WILDLY negligent, I’m a big believer in not shaming them for getting breached.

That said, the moment a breached org describes the breach as being the result of a “sophisticated” attack, every neck hair I have stands on end and I prepare to retract the benefit of the doubt. Because 99% of the time*, that “sophistication” was a kid claiming to be the county password inspector in an email or some shit.

I really don’t want to Be A Brand here, but I feel like the “Last Week In AppSec” posts I make weekly for my employer would be interesting to at least some of y’all. Looking for a vibe check, here’s the most recent post link: https://checkmarx.com/zero-post/last-week-in-appsec-2025-07-08/
Post these as myself
Make a team account for this stuff
Don’t post my corp work here
Something else (reply?)
Last Week In AppSec for 08. July 2025 - Checkmarx

AI MCP leak from Anthropic, fraudulent verification in IDE extensions, and a Next.js Denial of Service (DoS) — last week in AppSec

Checkmarx
I'm not blind, but I get value out of alt text captions. Thank you to you people who take the time to add those to your photos.

I’m not sure who said it or even if I’m getting it 100% right, but it has been on loop in my brain lately:

I’m too much of an idiot for this many people to be dumber than me

@mcc “A compiler is a tool for reporting issues in code. If none are found, it emits an object file as a side effect.”
Some cell phone pics of fireworks my youngest and his friends set off tonight.

Is there a non-US equivalent of the ISRG and/or LetsEncrypt? They’ve done excellent work making a more secure web, but having all our eggs in one country’s regulatory regime makes me nervous

And no, I don’t consider commercial offerings to be a solution — they have their place, but LetsEncrypt-style, no-cost, low-friction TLS certs are important too.

Working on the keyboard for my DIY word processor, I thought it might be fun to try a custom capacitive key switch. I don't know if this is practical in any sense, but it finally gave me an excuse to use #KiCAD again

A capacitive key switch might actually be a bit too sensitive, now that I think about it. I can probably implement my own rubber dome if I turn the annular rings into isolated pads

Thanks to the huge UX improvements to #KiCAD since I used it last, this was fairly straightforward