Questions for System Design Reviews
Moving towards operationalizing system design reviews. What questions should a review team ask, or expect to be answered?
What is the Value-add of ssh-agent?
The purpose of ssh-agent and observations how ssh-agent improves UX and security.
User-influenced Shell Commands Are Still Considered Harmful
Non-obvious ways of getting code execution when testing code that uses user input to build shell commands.
Authorization Design Patterns
Patterns/anti-patterns for designing authorization APIs.
One tip for finding fast and useful fuzz targets for networked code.