About me

SECURITY

  • Tom's House of Awesome CVEs

    Did you see that the U.S. is no longer funding the national security CVE program?

    I’m glad to see they’re doing away with the “neutral third party” and going with a free market solution.

    I’m starting my own CVE service. Here’s my price-list:

    • Regular CVE’s: $1,000 evaluation fee
    • CVE’s where you get to pick the number: $10,000 (though certain numbers will be sold at auction… how much would you pay to be responsible for CVE-69?)
    • Special packages:
      • $100,000/year and your company’s products will get a lower severity.
      • $10,000,000/year and all CVEs related to your product will be rejected as irreproducible.

    I accept Bitcoin, Venmo, and cash in unmarked envelopes slid under my door.

    read more

  • Reduce the maximum validity period for TLS/SSL server certificates

    Question: What would be the impact on your organization if the CA/Browser Forum approves a ballot reducing the maximum validity period for SSL/TLS server certificates from the current 825 days (27 months) at present to 397 days (13 months), effective for new certificates issued on or after March 1, 2020? (Existing certificates will remain valid for their full term).

    read more

  • Response to: Our Security Auditor Is an Idiot

    Some thoughts on the SO question about the idiot security consultant that demanded a list of everyone’s plaintext password plus some rather impossible things.

    read more

Tom Limoncelli

Tom Limoncelli

Recent Posts

  1. Pride Rocks – New Jersey
  2. Configuring iPhone/MacOS to sync contacts
  3. Three AI links everyone should visit
  4. Tom’s House of Awesome CVEs
  5. nycdevops Archive

Archive

Categories

Tags

I agree that this website may store my data to personalize my journey in accordance with their Terms & conditions

Powered by Hugo | Theme - YesThatTheme © 2017 - 2025 Tom Limoncelli