The State of Security in 2024
It's About Training
Security
Insights, tools, and best practices to keep your organization and users secure.
Passwords and their Discontents
Passwords are a poor solution for authenticating users–but none of the alternatives are very good, either. So, what do I use?
Attacking Supply Chains at the Source
The xz Utils attack almost succeeded. Will we be as lucky next time?
D-Day in Kyiv
The Future of Security
Surveying Your Cybersecurity Landscape
Defending against ransomware is all about the basics
Authentication, Backups, Updates, and Least Privilege
Building a culture of security at the New York Times
Runa Sandvik shares practical lessons on how to build and foster a culture of security across an organization.
An infinite set of security tools
Window Snyder says security basics are hard to implement consistently, but they're worth the effort.
Highlights from the O’Reilly Security Conference in New York 2017
Watch highlights covering security, defense, culture, and more. From the O'Reilly Security Conference in New York 2017.
Great software is secure software
Chris Wysopal explains how defenders can help developers create secure software through coaching, shared code, and services.
The Dao of defense: Choosing battles based on the seven chakras of security
Katie Moussouris explains how to turn the forces that resist defense activities into the biggest supporters.
Enterprise security: A new hope
Haroon Meer says a new type of security engineering is taking root, which suggests hope for effective corporate security at enterprise scale.
Empowering through security
Fredrick Lee shines a light on the ways security can be allowed into the world to do more.
The alarming state of secure coding neglect
A survey reveals a deep divide between developer aspirations for security and organizational practices.
Highlights from the O’Reilly Security Conference in Amsterdam 2016
Watch highlights covering security, defense, tools, and more. From the O'Reilly Security Conference in Amsterdam 2016.
My heart depends on your code
Marie Moe shares her experience with being the host of a vulnerable medical implant, and why she started a hacking project to investigate the security of her own critical infrastructure.
Conceptualizing attribution and why it matters
Benjamin Buchanan explains why successful network intrusion attribution requires a range of skills—management, time, leadership, stress testing, and more.
Lessons learned from running big bug bounty programs
Katie Moussouris offers insight into starting and running bug bounties.
The world will see (and just saw) a zombie apocalypse
Phil Stanhope discusses the DDoS attack on Dyn, how attack approaches are evolving, and what you can do about it.
From possible to practical: The path for defense
Dan Kaminsky explains why a strong focus on ease of use—for developers, operators, and users—is our only hope for migrating toward a more secure Internet.
The 2016 O’Reilly Defender Awards
Shining a light on this year’s defensive security heroes.
Security and feudalism: Own or be pwned
Cory Doctorow says the Electronic Frontier Foundation is fighting for a future where our devices can be configured to do our bidding and where security researchers are always free to tell us what they’ve learned.
Meet the world’s first autonomous computer security systems
Michael Walker explores the results of DARPA’s Cyber Grand Challenge (CGC), a contest to develop first-generation autonomous cyber defense systems.
Highlights from the O’Reilly Security Conference in New York 2016
Watch highlights covering security, defense, tools, and more. From the O'Reilly Security Conference in New York 2016.