41 with two kids, all that time spent working should have been spent experiencing the world and having a lot more fun.
I think a combination of getting more senior at work and having kids reduces your choices in how you can spend your time (to be fair, it opens up new options as well). It highlights the value of your time and how little you got in return for it when it was abundant.
It's probably worth remembering that there is an open source exemption. If a piece of 'intrusion software' has been published the export controls no longer apply.
Publish your exploits to GitHub before you send them overseas or travel to the conference to announce them.
Why do you dislike Huawei in particular? I could hazard some guesses but most of the reasons I would guess are present in every other manufacturer I can think of. I'm truly interested in why that's a problem for you.
Apparently they signed up Huawei with a contract where they warranted there were no backdoors in the hardware. Guarantees nothing of course but props for the chutzpah to demand such an outrageous clause in the contract.
When talking about the Iraq dossier there were proven falsehoods.
"Without exception, all of the allegations included within the September Dossier have been since proven to be false, as shown by the Iraq Survey Group."
No. No. In fact, in past times (of kings and queens), one man was killed in a battle and his brother was given a much higher title because you cannot give the honorable title to a deceased individual.
Zero percent direct object references? Three possibilities:
* IBM doesn't know what an insecure direct object reference is.
* I don't know what an insecure direct object reference is.
* IBM's scanning tool is routinely missing an extremely common sev:hi bug class.
The OWASP Top 10 is stupid. For some reason, every attempt at creating a taxonomy of security flaws of any sort fails, and OWASP's is a textbook example. But at least 8 out of the 10 flaws OWASP randomly selects are still common and meaningful.
My guess would be the third of your options; it feels like a scanning tool artifact.
However, my point was that even given the age of the OWASP Top 10 and its incredible brand recognition among developers globally, the IBM bulk application scans are still finding (at least some of) these issues.
Interesting point about taxonomies of security flaws; similarly, taxonomies of security attacks are also hard (wicked, maybe). This may be due to the difficulty of fully defining the world of unexpected or unwanted application behaviour. There is something complex about the space of possible attacks (or flaws) that resists classification at anything other than such a level of foundational definition as to be practically useless in the real world.
I would strongly recommend reading Clay Christensen's book "How Will You Measure Your Life?". He discusses a general approach to working out what you want to do with your life without telling you what he thinks you should do.