Troy
@troymarshall.bsky.social
Product Security | Privacy | AI Safety | Digital Trust
Companies like Klarna and Afterpay are just high tech payday loan companies. The fact that they are offering deferred payments for food delivery services like DoorDash is disgusting.
April 17, 2025 at 5:14 PM
I have the tools and knowledge to build a backyard shed but that doesn’t make me a builder.

Likewise, the ability to write some useful code doesn’t make someone, or something, a software engineer.

There’s a lot more to building secure, resilient, maintainable software than writing code.
April 6, 2025 at 2:23 PM
Regardless of your politics, everyone should be concerned about the complete lack of operational security in this case.
March 24, 2025 at 10:46 PM
Being brilliant at the basics should be the foundation of EVERY security strategy in every organization. If you aren’t doing things like asset management, patching, and IAM well, how do you expect to protect against 0-day exploits?
December 28, 2024 at 5:59 PM
Don’t make it an either-or proposition. We should do both. Some kids will excel in college but others need a different path. We’ve focused a lot in the US on the college route and we’ve lost most effective paths to skilled trade careers.
December 28, 2024 at 5:01 PM
It’s not often I find myself wishing for government regulation but I sure would like a single standard in the USA. Managing compliance with differing state laws is difficult to say the least.
November 21, 2024 at 4:48 PM
I’ve got 6 or so domains I just continue to pay for each year. I refuse to kill the dream that caused me to purchase in the first place!
November 21, 2024 at 4:46 PM
Like many things, it was better 30 years ago. You’re not missing anything.
November 21, 2024 at 2:18 AM
Two CWEs are new to the list and also tied for largest jump at 13 spots: CWE-200, Exposure of Sensitive Information to an Unauthorized Actor and CWE-400, Uncontrolled Resource Consumption.
November 21, 2024 at 12:58 AM
How do you suppose they figured Chrome could fetch $20 billion? Without the advertising money, how do you monetize the browser?
November 20, 2024 at 11:51 PM
How can this be stopped? Sure, the FTC might stop some sales of this data but only by the more “legit” data brokers. The ones that are unknown or simply nation state threat actors still have the capability to collect this data.
November 20, 2024 at 6:59 PM