Uncle Joe
sydseter.com
@sydseter.com
Co-leader OWASP Cornucopia. If you like what we do for open source, visit our code repository https://github.com/OWASP/cornucopia and give us a star ⭐

🌈 «Difference is of the essence of humanity» 🦄 – John Hume

#appsec #owasp #cornucopia #threatmodeling
Pinned
If you want others to do threat modeling for you, then please, for the love of god, at least, make it a bit fun!
copi.owasp.org
cornucopia.owasp.org
#owasp #cornucopia #appsec #threatmodeling #threat-modeling
It has become obviously clear to me that a large part of the world is either trying too hard to follow the example of Sir Nevile Henderson with regards to Ukraine or is too occupied with what they themselves can get out of it to care about the common good. It does not bode well unless we grow a spine.
December 27, 2025 at 2:39 PM
“The Trump administration will no longer tolerate these egregious acts of extraterritorial censorship.”

So that censorship and hate can continue unabated.

www.theguardian.com/technology/2...
European leaders condemn US visa bans as row over ‘censorship’ escalates
Washington accused of ‘coercion and intimidation’ after five leading figures behind digital safety law campaign targeted
www.theguardian.com
December 25, 2025 at 7:24 AM
And so we are gathered here today in memory of a life not well lived that lasted no shorter than what was expected. Together with all the grieving relatives, relieved that management pulled the plug after AI made it too expensive.
December 24, 2025 at 8:57 AM
This is a typical example of how the use of autonomous cars has been premature. AI is great at pattern recognition, but when something unplanned happens the only safe course of action is shutting down. No human means full stop. Any critical system that works less than 99,99% of the time is flawed.
PG&E is having a massive outage in San Francisco. Waymo robots aren't handling the traffic light outages well. Cell service is also out in some places.

No surprise as Waymo robots & cell have repeatedly failed during power outages.

CPUC regulates both Waymo and PG&E (Profit Greed & Explosions).
December 21, 2025 at 6:03 PM
AI is not taking over the world anytime soon.
California judge rules that Tesla engaged in deceptive marketing around Autopilot www.cnbc.com/2025/12/16/c...

“.. Tesla Robotaxis are crashing once every 40,000 miles, whereas the average human driver in the US crashes about once every 500,000 miles.” sherwood.news/tech/teslas-...
California judge rules that Tesla engaged in deceptive marketing around Autopilot
An administrative law judge in California ruled Tesla's license to sell or manufacture cars in the state should be suspended for 30 days.
www.cnbc.com
December 17, 2025 at 7:50 PM
Reposted by Uncle Joe
Thoughts and prayers to all you anti-gay conservative Christian men, like Mike Johnson and Lindsey Graham.
December 16, 2025 at 9:59 PM
It’s vital that we support open source software. Without it, our ability to respond to challenges and manage our lives will diminish, and so will our ability to survive. Even the multi-trillion-dollar software industry is born on the backs of free and open source code.
After taking over housing and healthcare, private equity is now buying up software used by volunteer fire departments — making it even harder for rural communities to respond to emergencies.

The only winners from private equity's price-gouging spree are wealthy investors.
Private Equity Finds a New Source of Profit: Volunteer Fire Departments
www.nytimes.com
December 15, 2025 at 7:50 PM
Reposted by Uncle Joe
I will be speaking at OWASP Leiria Meetup December 18th, come join us online for free! Corey J. Ball will also be there, and I will be discussing "Minimal Viable AppSec", how to build a program on a budget. Let's go! #owasp #appsec

https://twp.ai/9PXxkf
December 14, 2025 at 3:07 AM
Last time I voted — I voted on what my son told me to vote for. He’s 11. Next time, I’ll make sure to include my second son as well. Whatever they decide, I’ll go for it. Kids need to learn the importance of democracy. It’s essential for protecting our rights and liberties.
December 11, 2025 at 8:07 AM
Whenever I think about how we are empowering #AI agents to do the shopping for us it reminds me of this incredible mind reader from Belgium that wasn’t so incredible after all. #Online #fraudsters just got a super weapon.

youtu.be/F7pYHN9iC9I
Amazing mind reader reveals his 'gift'
YouTube video by Duval Guillaume
youtu.be
December 10, 2025 at 11:25 AM
Racism and bigotry aside. The thought of going scares the living shit out of me and the rest of the family.
TRUMP: “I said why is it we only take people from shithole countries? Why can't we have some people from Norway, Sweden, Denmark… But we always take people from Somalia— places that are filthy, dirty, disgusting.”

Such a mystery what he means when he says this stuff, isn’t it?
December 10, 2025 at 6:44 AM
Reposted by Uncle Joe
🔥 London OWASP Training Days Trainer Spotlight!🔥
We’re thrilled to feature @GrantOngers, who’ll be delivering a 1-Day Training: API Basics for Security Engineers & API Security for Everyone. Ready to level up your API security skills? Don’t miss this one.
See full details: owasp.glueup.com/eve...
December 5, 2025 at 1:01 PM
Reposted by Uncle Joe
🎤 So You Want to be an OWASP Speaker?
OWASP is turning 25! 🎉 Join our FREE session to get tips, build confidence, and learn how to become a standout speaker. Whether you're new or experienced, we’ll help you shine on stage.
👉 owasp.glueup.com/eve...

#appsec #cybersecurity #devsecops #upskill
December 8, 2025 at 4:41 PM
I have a better idea. What if we just abolished the use of X in Europe? Again, just an idea. I am simply spitballing here.
December 8, 2025 at 9:55 AM
Reposted by Uncle Joe
The call for papers for NDC Security ends tomorrow. Come do your talk in Oslo: ndcsecurity.com/call-for-pap...
December 6, 2025 at 9:27 PM
Reposted by Uncle Joe
The only thing worse is to give someone executive power to change the rules during the game. When combined you’re doomed to lose.
Never grant anyone unlimited jail free cards in Monopoly. Sooner or later it’s bound to end very badly.
December 4, 2025 at 7:47 PM
Reposted by Uncle Joe
Never grant anyone unlimited jail free cards in Monopoly. Sooner or later it’s bound to end very badly.
December 4, 2025 at 7:40 PM
Tools don’t help, so what does? The best remedy is to establish a long-term relationship with an external penetration tester and test every software release. It’s the best shift-left strategy you can go for; to shift further left, continuous threat modeling and test-driven peer programming is the way to go.
Most shift-left strategies fail because they rely on automation. Automation is not a silver bullet. I recently went through all our SAST and SCA findings for last year, all 2500 of them. We use two very popular SAST tools. One of them also does SCA. We only had 11 that were not false positives. (1/4)
December 3, 2025 at 9:53 AM
Reposted by Uncle Joe
The first year we used SAST we found lots of issues, but after fixing them, we find very little. It makes zero sense to use these tools to detect issues early. It would mean that developers would have to look for the 0.5% of issues that aren’t false positives. One of our SAST tools also uses AI. (2/4)
December 1, 2025 at 9:14 PM
Reposted by Uncle Joe
Giving Tuesday is right around the corner! 🤗
OWASP is powered by community energy, open-source magic, and supporters like you.
Check out all the ways you can get involved below to keep the momentum rolling. 💙 #GivingTuesday
December 1, 2025 at 4:11 PM