Four short links: 17 May 2019

Productsec, Supply Chain Attack, Sparse Neural Networks, and the Christchurch Call

By Nat Torkington
May 17, 2019
  1. Six Buckets of Productsec — There are six buckets a security bug can fall into on its journey through life: Prevented—best outcome, never turned into code. Found automatically—found via static analysis or other tools, “cheap” time cost. Found manually—good even if it took more time; a large set of bugs can only be found this way. Found externally—usually via bug bounty, put users at real risk, expensive time cost but 100x better than other outcomes. Never found—most bugs probably end up here. Exploited—the worst.
  2. ShadowHammer (Bruce Schneier) — The common thread through all of the above-mentioned cases is that attackers got valid certificates and compromised their victims’ development environments. (via Bruce Schneier)
  3. The Lottery Ticket Hypothesis: Finding Sparse, Trainable Neural Networks — dense, randomly initialized, feed-forward networks contain subnetworks (“winning tickets”) that—when trained in isolation—reach test accuracy comparable to the original network in a similar number of iterations. The winning tickets we find have won the initialization lottery: their connections have initial weights that make training particularly effective.
  4. Christchurch Call — first time governments and companies have, en masse, sat at a table to figure out how to curb violent extremist content on the platforms.