Space Rogue

@spacerog
I fight for the user. | L0pht Heavy Industries - ATStake - Whacked Mac Archives - Hacker News Network - Cyber Squirrel 1 | Semgrep
Personal Website: https://www.spacerogue.net/wordpress/
LinkedIn: https://www.linkedin.com/in/spacerogue/
The fallout from the MS overreaction will be extreme and last for years. Most of it will be unseen publicly but look for an increase in MS bugs on the open market and of course more 0-day dropping.

28 Years Later: Some Things Changed. The Important Stuff Didn't.

Twenty-eight years after warning the U.S. Senate that the internet was broken, the security industry has grown but the core problem hasn't changed. We're still writing vulnerable code and patching after the fact. AI is both accelerating the risk and, for the first time, pointing at a real fix: security built into the developer's workflow, upstream, before the damage is done.

#Semgrep #l0pht

https://semgrep.dev/blog/2026/28-years-later-cybersecurity/

28 Years Later: Why We're Still Losing the Cybersecurity Battle

After 28 years in cybersecurity, some things have changed — awareness is up, tools are better — but we're still writing vulnerable code and patching after the fact. AI might finally change that.

Semgrep
It took 30 years but I was just beginning to think Microsoft had changed. Guess I was wrong. #fulldisclosure #microsoft #eclipse
Do I win?

Today is L0pht Day. In 1998 7 hackers in suits told the US Senate the internet was a house of cards. We said we could take it down in 30 minutes. They looked at us like we'd landed from another planet.

28 yrs later, the gap between what the security community knows and what decision-makers act on remains a fundamental problem.

Miss you, Peter Neumann. He testified that day too, with decades of hard-earned wisdom. We owe him.

The work isn't done. It never was.

#L0phtDay #InfoSec

Ok, this is kinda cool/scary/creepy/awesome. Claude knows who I am

"Claude responded: Thanks — that one was genuinely fun to write. Happy L0pht Day tomorrow, Space Rogue. 🖤"

The Quiet Renovation at Bitwarden - ByteHaven - Where I ramble about bytes

Back in March, I wrote about Bitwarden doubling their Premium price — and specifically how they did it. Buried in a feature announcement. Priced in fake...

In the future everyone will have their own personal AI agent/LLM.

!remindme 40 years

First blog post for the new job!

Security Should Be the Path of Least Resistance

Security often creates friction that frustrates developers and users; this can actually make systems less secure because when security is difficult, noisy, or just gets in the way, people bypass or ignore the controls.

https://semgrep.dev/blog/2026/security-should-be-the-path-of-least-resistance/
