Vulnerability Disclosure, Cryptography Research, and Open Source

Today, Bruce Schneier posted an essay to his blog arguing the case for full disclosure of software vulnerabilities, which I am also in favor of. It’s apparently a side-bar to an article in CSOOnline entitled “The Chilling Effect” which is about some of the growing issues surrounding vulnerability research in web software. There’s also two […]

EUSecWest 2007

I’ve been invited to speak at EUSecWest 2007, an information security conference in London on March 1st and 2nd. I’ll be giving an updated version of my VoIP Attacks! presentation.