Uncle Joe
@sydseter.com
sydseter.com
Co-leader OWASP Cornucopia. If you like what we do for open source, visit our code repository https://github.com/OWASP/cornucopia and give us a star ⭐

🌈 «Difference is of the essence of humanity» 🦄 – John Hume

#appsec #owasp #cornucopia #threatmodeling
Pinned
If you want others to do threat modeling for you, then please, for the love of god, at least, make it a bit fun!
copi.owasp.org
cornucopia.owasp.org
#owasp #cornucopia #appsec #threatmodeling #threat-modeling
The answer is simple. A company’s product also includes its dependencies. If you are using public libraries, it’s not the open source libraries’ fault that they have vulnerabilities; it’s the commercial company’s responsibility to patch. 11.12.2027 this will become law: www.tributech.io/blog/cra-8-v...
November 29, 2025 at 12:36 PM
I had a conversation with a developer at our company’s Christmas party with more than 30 years’ experience in software development. His message was that he wouldn’t do open source development because he knew he would get stuck with the sole responsibility for the particular library he was maintaining.
November 29, 2025 at 11:45 AM
Meta: «Instead of protecting consumers, today’s outcome sets a dangerous precedent and shifts responsibility away from those best placed to prevent fraud» I presume they mean their ageing users?
November 28, 2025 at 11:58 AM
Social Media Giants and Payment Services will be held liable for reimbursing victims of financial scams. This basically means they will become liable for fraudulent ads published through their services. www.europarl.europa.eu/news/en/pres...
Payment services deal: More protection from online fraud and hidden fees | News | European Parliament
Parliament and Council have struck a deal on a more open and competitive EU payment services sector, with strong defences against fraud and data breaches.
www.europarl.europa.eu
November 28, 2025 at 11:52 AM
The Second Wave of the Shai Hulud Supply Chain Attack is a dress-up party for selling useless SAST software.
November 28, 2025 at 8:46 AM
Reposted by Uncle Joe
Version 1 of the OWASP AI testing guide just got published.

I promise you, from my own experience, this will save you a lot of heartache.

github.com/OWASP/www-pr...
November 27, 2025 at 10:31 AM
Stop "Trying" to Manage Risk is perhaps the proper wording. Hitting your fellow colleague in the head with "this is a high risk" or "this is a medium risk" makes absolutely no sense. If you need that, you are not really managing the risk at all; instead, you are reacting to it. (1/3)
November 26, 2025 at 5:51 PM
Reposted by Uncle Joe
Star Wars: A Darth Sidious story in which it is VERY UNFAIR that a man who’s just trying to reform a CORRUPT Galactic “Senate” which can’t even prevent a SIEGE of Naboo, who is fighting EVIL TARIFFS, is cast as a DICTATOR just because he’s murdering Jedi who are UNELECTED and UNPOPULAR.
If you were a despotic president, what movie would you force Hollywood to make? I want to see Quentin's Star Trek movie or maybe Kill Bill Vol 3.
November 26, 2025 at 5:41 AM
Reposted by Uncle Joe
The State Of Threat Modeling Survey (hashtag#SOTM) 2025-2026 from Threat Modeling Connect has been sent out (see: threatmodelingconnect.com/state-of-threat-modeling-2025-2026 ). Find out how your organization is doing regarding threat modeling!

#threatmodeling #security #infosec #appsec
November 19, 2025 at 3:07 PM
Reposted by Uncle Joe
Approach security awareness from the perspective of a 9-year-old. How would your kids teach their moms and dads what not to do?
November 20, 2025 at 11:22 AM
Holy shit! This is the third time this year my kids have been able to crack the iPad PIN to give themselves screen time. I could have sworn nobody was shoulder surfing me. All these passcodes are turning our kids into social engineers! 👨‍💻🧑‍💻
November 20, 2025 at 7:50 AM
Reposted by Uncle Joe
Exciting opportunity alert! 🌟 Want to speak at the #OWASP Global #AppSec EU 2026 Conference in Vienna? The Call for Presentations is now open! Share your expertise in our diverse tracks. Submit your proposal today! Link: sessionize.com/owasp...

#devsecops #SDLC #threatmodeling #AI
OWASP Global AppSec EU 2026 - CFP (Vienna, Austria) : Call for Speakers
OWASP Global Conferences are a must-attend event for all cybersecurity professionals. Join the team and become a speaker at this well sought after eve...
sessionize.com
November 17, 2025 at 10:36 PM
Reposted by Uncle Joe
Trainers and speakers, exciting opportunities await! 🌟

🔍 Become a trainer at OWASP Global AppSec EU 2026: sessionize.com/owasp...

🌟 Dream of speaking at Global AppSec EU 2026: sessionize.com/owasp...

🎤 Showcase your expertise at the Virtual 25th Anniversary Conference:
OWASP Global AppSec EU (Vienna) 2026 - CFT : Call for Sessions
OWASP Global AppSec Training Days are known for their top-notch trainers and in-depth course material. The OWASP Foundation would like to invite you ...
sessionize.com
November 18, 2025 at 8:02 PM
Reposted by Uncle Joe
Are you the next card game designer for OWASP Cornucopia Website Edition v3.0?
Then get in touch with us for fame and glory!

Read more at:
dev.to/owasp/owasp-...
OWASP Cornucopia 3.0 - A call for card game designers!
Would you like to be our card game designer for the OWASP Cornucopia Website Edition...
dev.to
November 13, 2025 at 12:28 PM
Reposted by Uncle Joe
Don’t apologize for designing before coding, it’s called “thinking”.
October 29, 2025 at 7:06 AM
Reposted by Uncle Joe
there should be some kind of digital death penalty where you're banned from using the computer for life if you're caught selling "phishing for dummies" SaaS

www.theverge.com/news/818554/...
November 12, 2025 at 4:24 PM
Reposted by Uncle Joe
What if security wasn’t a firefight?

Facebook’s “Privacy Waves” program bakes privacy work into a monthly rhythm — predictable, repeatable, scalable.

Maybe the real AppSec unlock isn’t more tech.
It’s cadence.

Make security routine, not reactive.

is.gd/g073ju
Shostack + Friends Blog > Secure By Design roundup - October 2025
Phil Venables is releasing a masterclass; new guidance from SAFECode, a new paper from JPMorganChase on their tools, how Facebook uses “waves”, a new AI shared responsibility model and more!
is.gd
November 12, 2025 at 3:26 PM
On inauguration day, Trump received greetings from leaders around the world, from Putin, Trump received a Fabergé egg made of gold, diamond and rubies...
and inside a USB stick.
He put the USB stick in his computer that started a funny video greeting from Putin with two topless women which Trump enjoyed very much.
Later that day, the computer stopped working so Trump rebooted and discovered his computer had been encrypted with ransomware...

(2/7)
November 12, 2025 at 11:06 PM
Reposted by Uncle Joe
happy epstein thermonuclear launch day to all who celebrate
November 12, 2025 at 6:01 PM
Reposted by Uncle Joe
Hey #bsky!

Please note that neither

NIST: pages.nist.gov/800-63-FAQ/#...

nor…

OWASP ASVS: github.com/OWASP/ASVS/b...

recommends the use of email as #2FA

#appsec #security #mfa
November 11, 2025 at 4:33 PM