Jeremy Long
builder, infosec, SCA and SAST enthusiast, blue team.
1,110 Tweets, 170 Following, 616 Followers
Tweets
Jeremy Long retweeted
Emma Wedekind 🐞 Apr 23
Anyone else ever put in headphones without playing anything, simply because you want to avoid other humans? 😳
Jeremy Long retweeted
Christian Kühn Apr 23
polishing my new talk featuring dependency-check, clair and , big THANK YOU for your awesome work in security to and their teams.
Jeremy Long retweeted
ToolsWatch - Hackers Arsenal Apr 20
Updated CPE & Targets Classification introduced with new keys version_affected, running on / with platforms. It will make the CVE identification versus target configurations more precise and accurate >>
Jeremy Long Apr 22
Replying to @adam_baldwin
I've been dumbfounded by this lack in the industry for a while. I've been looking more at tools used to collect information during the test like or . I submitted a talk to BH that would benefit from machine readable reports.
Jeremy Long retweeted
Justin Collins Apr 20
Just like its inaugural year, was an excellent AppSec/ProdSec conference this year. I strongly encourage folks in the industry to attend next year!
Jeremy Long Apr 20
Replying to @pwntester @e_rnst
The difficulty is reliably identifying the exact exploitable code. However, we are starting to see things like vulncode which could make generating rules for sast easier:
Jeremy Long Apr 15
Replying to @Viss @marcusjcarey
Simple - I don't trade for turpentine...
Jeremy Long Apr 15
Replying to @Viss @marcusjcarey
Just because something is legal does not make it ethical.
Jeremy Long Apr 15
Replying to @Viss @marcusjcarey
To some extent, one would hope the people ensuring your company is secure maintain a higher code of ethics. But, as you have stated - the stance on some activities has been changing. Which is fine - but if your job relies on ethical behavior don't get too far ahead of the curve
Jeremy Long Apr 15
Replying to @Viss @marcusjcarey
Not what I meant. A company doesn't have to drug screen every employee to be ethical. One would hope your employees are ethical and adhere to both state and federal law. Just as you expect them to abide by company policies, etc.
Jeremy Long Apr 15
Replying to @Viss @marcusjcarey
Which is why I will say - if you disagree with the law, exercise your right to vote.
Jeremy Long Apr 15
Replying to @Viss @marcusjcarey
Ethics are not always black and white.
Jeremy Long Apr 15
Replying to @Viss @marcusjcarey
Imagine if a company had a policy - zero sql injection in production? Seriously you approved that app to go to prod even though you found a sqli?
Jeremy Long Apr 15
Replying to @Viss @marcusjcarey
Sorry - let me restate. If there is any other role in your company that requires drug testing - there is no reason to exclude security professionals. If you disagree with federal law you should vote (as I'm sure you do).
Jeremy Long Apr 15
Replying to @Viss @marcusjcarey
Why? 100% ethics - regardless of your personal view it is still a federal offense.
Jeremy Long retweeted
Lauren Long Apr 13
My daughter's team was invited to the KidWind National competition. Help them get there.
Jeremy Long Apr 13
This is an amazing opportunity to get to go to the KidWind National competition, the kids did an amazing job - just hoping we can get the whole team there!
Jeremy Long Apr 10
Replying to @stevespringett @mkonda
I've talked to one company that builds from source the dependencies due to lack of trust in the supply chain. Tons of automation to make that happen.
Jeremy Long Apr 8
This is awesome - can't wait to see more. this is related to some of the work you were doing looking for malicious code - was any of your code open sourced?
Jeremy Long Apr 8
Replying to @pwntester
Lol - and I keep having to explain that Fortify SCA doesn't do software composition analysis... love the abbreviation collisions.