ProPublica is a national journalistic treasure, and recent reporting on the software industry is a terrific impetus to drive much needed change. I sat in on many bug triage discussions over twenty years ago working at Microsoft, and despite great technology advances, the way these decisions are made appears to be little evolved. My purpose here is not to judge what transpired and who is at fault, but to glean from the reporting better software practices so we can at least learn from these events.
[Read More]Essays, link dumps, and opinion pieces about current events in the software landscape, offering what I hope is new perspective.
You can reach out to me with constructive criticism or insights at infosec.exchange@lmk.
Trusting AI
- (220 words) June 2024 – Loren Kohnfelder
Whether or not this unscientific test is reliable, asking generative AI if a mushroom is safe to eat — it misclassified a highly toxic variety that looks like a common edible one — is a terrible idea if you are prepared to eat according to what it says. This illustrates my rule of thumb:
[Read More]Further security discussions
- (500 words) May 2024 – Loren Kohnfelder
This article is a continuation of Better Security Discussions.
This analysis can be extended by considering potential mitigations for additional threats.
[Read More]
Better security discussions
(900 words) May 2024 – Loren Kohnfelder
We understand software security best through specific threats and mitigations, articulated by threat models shared openly. Without this context we avoid much needed meaningful security discussions.
[Read More]