home.social

#swsec — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #swsec, aggregated by home.social.

  1. @coreysnipes thank you.

    I have been at this for a while ...both as a security guy who helped get #swsec and #appsec going 28 years ago and as a student of Doug Hofstadter's with a Ph.D. in #cogsci. BIML has been spearheading independent #MLsec since 2019.

  6. More on mythos. #swsec #appsec #MLsec #ML #AI

    "What changed with Mythos Preview is that a model can now take those low-severity bugs (which would traditionally sit invisible in a backlog) and chain them into a single, more severe exploit."

    blog.cloudflare.com/cyber-fron

  11. The one good thing about the mythos nonsense is at least broken software is finally being fixed. If that's what it takes, so be it. #swsec #appsec #MLsec

    theguardian.com/technology/202

  12. Registration requirement for access to our new paper "No Security Meter for AI" has been removed due to urgency of content and to promote frictionless distribution

    berryvilleiml.com/results/no-s

    Please consider registering, which enables you to receive email notifications from BIML.

    #MLsec #ML #AI #infosec #swsec #appsec

  17. Have you read BIML's new report No Security Meter for AI?
    #MLsec #ML #AI #swsec #appsec

    berryvilleiml.com/results/no-s

    We removed the reg wall this morning.

  18. How can you measure security in #ML systems? Maybe similarly to the way we measure security in software systems. #swsec #appsec

    BIML wrote about this in a new report released today: berryvilleiml.com/results/

    Get your copy now, released for free under a creative commons license.

    Applied #MLsec

  20. @koehntopp @tychotithonus this is literally changing in real time. I used to believe that too. And as you know, I know a smidge about #swsec.
    You two may both enjoy reading this new thing released this morning
    No Security Meter for AI
    berryvilleiml.com/results/no-s

    Email me if the reg wall bothers you too much

  21. @tychotithonus in the best of all possible worlds, all this #AI stuff will accelerate #swsec and #appsec so we can finally do what we know we should have done since 2001

  22. So how is it going in the #swsec and #appsec tools and services space in the age of #mythos?

    "Mythos is like a nuke going off in the middle of our industry. Most of our biggest clients who have used it figure they will get rid of all their pipeline tools and replace with mythos. Toss the findings to copilot (or their own agentic engines) and have them fix the bugs. And completely get rid of Pentesting. Snyk renewals are at 30%, BlackDuck at 60%."

  23. Don't forget that the real reason this happens is because THE SOFTWARE THAT WAS TARGETED IS BROKEN.

    Fix the software. Use #AI to do that.

    #swsec and #appsec 101. If you find it but don't fix it, that does nobody any good.

    nytimes.com/2026/05/11/us/poli

  24. Fix the damn software #swsec #appsec #MLsec

    "Those vulnerabilities have been fixed, and will never again be available to attackers. In the future, AIs automatically finding and fixing vulnerabilities in all software will be a normal part of the development process, which will result in much more secure software."

    theguardian.com/commentisfree/

  25. @aristot73 @spaf I think emphasizing that ALL software has this problem...not just open source...is important. Let's make this chaos a positive for all #swsec and spend the piles of cash (tokens) coming our way properly

    Is it just money spent on the right thing??

  26. "Anyone building software can start using a harness with a modern model to find bugs and harden their code today. We recommend getting started now. You will find bugs, and you will set yourself up to take advantage of new models as soon as they become available." #swsec

    hacks.mozilla.org/2026/05/behi

  27. Phil Venables is my guest on Silver Bullet Security Podcast episode 156. Lots of #MLsec and #swsec discussion, including some #agenticai and some emergent computation.

    berryvilleiml.com/2026/05/01/s

  29. Oh look, the dust is beginning to settle around mythos. #swsec gonna #swsec and #LLM gonna #LLM

    My favorite theory of why the limited release has to do with unavailability of cycles.

    #MLsec

    theregister.com/2026/04/27/ant

  30. Great to see a BIML quote in this Fortune piece. Our next big piece of work is on measurement (in final review now), so the story timing is great.

    #MLsec #ML #AI #swsec #appsec #infosec

    fortune.com/2026/04/23/ai-cybe

  31. BIML says...FIX THE DANG SOFTWARE. if we had collectively spent as much money on #swsec and #appsec as is being spent now on tokens BEFORE #AI, we would have had the same huge impact.

    The principal component of this scale is MONEY

    berryvilleiml.com/2026/04/10/f

  32. Maybe, just maybe #AI would not have to pretend to be "too dangerous to release" if software were actually secure. #swsec #appsec #MLsec

  33. . @david_chisnall I mention slop bug reports here. This will only get worse as really clueless people start wielding tools they don't understand to do work they don't understand. #swsec #appsec

    berryvilleiml.com/2026/04/09/t