• I love osquery, but putting it into production requires a bunch of other moving pieces (fleet management, something to push out ad-hoc queries, log collection and aggregation, montioring, alerting, …). Kolide looks like it solves that problem, providing an endpoint management solution based around osquery that handles all the other stuff.

  • Content Security Policies are a pain in the butt to write. laboratory is a Firefox extension that’ll watch your browsing and generate a policy.

  • Consumer Reports announced it would start evaluating security and privacy of products and services. Awesome, someone needs to be doing this. That said, the Digital Standard framework they’ve been developing to do this evaluation looks… well, it’s a good effort, but so far everything there looks pretty vague, and some of it’s outright incorrect. Hopefully the final result will be better; this first attempt doesn’t give me a ton of hope.

  • If you know me, you know I’m a huge proponent of bug bounties. But they’re not a silver bullet. If you’re thinking about a bug bounty, you owe it to yourself to watch this first: Bad Medicine: Contraindications of Bug Bounty Programs .

  • A follow-up on CloudPets:

What’s this?

This is a weekly roundup of interesting infosec related links, inspired by Geek Feminism’s linkspam tradition.

If you’d like to suggest a link for a future roundup, post it to Pinboard tagged with securitylinkspam and I’ll find it there.