This is so, so well-articulated.

VRP @ Google -- a look inside a large self-hosted VRP

What's strange about go.dev/play/p/4fc3Y... 👀

Attend my presentation in the Bug Bounty Village @ DEFCON today at 5pm to learn more!

PhD Timeline xkcd.com/3081

I missed the "Top Secret//ORCON//Signal" banner, my bad

Quick question -- in Signal, how do I differentiate my EZpass scam messages from those sent by the Pentagon?

BSides CambridgeMA CFP is open!!! bsidescambridgema.org/call-for-pro... 👀🎉

To answer your first question -- yes, we would accept submissions for golang.org/x repos

🤦‍♂️ amazing spot. Our intention was to only remove it for one-liner changes as reflected on the rules page. We updated the blog post to match!

Good question, let me check with our team and I'll get back to you

Blog: Level Up Your Open Source Karma (And Your Wallet) by Improving Security This blog post takes you through everything you need to know about the Patch Rewards Program, including our newly introduced focus on memory safety (including reward multipliers!), recently increased ...

🛡️💸 We've revamped our Patch Rewards Program, extending its scope and increasing rewards for security patches – with a particular focus on memory safety, including bonus multipliers!

bughunters.google.com/blog/5273064...

My Bitcoin wallets on Google Drive from ~2013

🎵Should I open it? Or should I keep it sealed?

Blog: The Great Google Password Heist: 15 years of hacking passwords to test our security (and build team culture!) The Leaving Tradition in Google's security team, which could be described as a type of small-scale offensive security exercise, is a great (and fun) example of team culture. Curious? See this blog pos...

I don't often post about my work but bughunters.google.com/blog/6355265... is actually super cool thing my team is doing. These short term redteams focused on just stealing our passwords were always amazing to highlight how severely broken complex systems are. The internal writeups are so, so fun!

Reported, thanks for the headsup

Check out the OSS Fuzz projects scope line :) github.com/google/oss-f...

Open Source Security Patch Rewards The Patch Rewards program rewards proactive improvements to security in open source projects.

bughunters.google.com/open-source-... for fixing?

Digital equipment corporation inter-departmental correspondence envelope

Going to start posting here more often. If this doesn't work out, I found a good fallback.

Hello w̶o̶r̶l̶d̶ blue sky!