Posts

800 posts, my analysis

After taking a look at these posts:

https://appsecadventures.blogspot.com/2025/11/800-posts-where-am-i-and-what-are.html
https://appsecadventures.blogspot.com/2025/11/800-posts-least-common-subjects.html
https://appsecadventures.blogspot.com/2025/11/800-posts-predictions-based-on-rare.html

Here are my takes: Obviously, posts are biased based on my interests. So there is a lot of vulnerability management, supply chain security and LLMs and very little about API Security, OWASP Top 10 and scanning tools. This does not mean I am not noticing what's happening. Although LLMs and Copilots are getting better every day, the dynamics of programming using LLMs may, in the long run, graduate less skilled developers, because the intermediate developers (the newbies nowadays) will rely more on tools to write code. So maybe we will face an educational problem very soon. People will remain the weakest link in the security chain. Attacks are becoming more and more complex and difficult to...

800 posts, predictions based on rare themes

Theme | 2026 Prediction | Rationale
Mobile Security | AI-generated malware and cloned mobile apps will cause a resurgence in mobile-security focus. | Attackers shift from supply chain to mobile targets using automated phishing and AI-built malware, reversing 2025's low interest.
Cybersecurity Policy & Government Shifts | Governments will introduce major AI safety, disclosure, and cloud-regulation policies. | Rising geopolitical tension + legal pressure on CVE disclosure + AI misuse incidents make regulation unavoidable.
Corporate Expansion & Hiring | Security hiring becomes remote-first with hubs forming in AI-talent regions (India, Israel, Brazil, Eastern Europe). | 2025 showed little expansion news due to slowdown; 2026 hiring follows AI talent density, not geography.
Cryptographic Governance | AI-resistant crypto, dataset signing, and model-weight integrity standards expand in regulated sectors. | As AI enters finance/healthcare/gov, integrity and post-quantum c...

800 posts, the least common subjects

Least Common Themes | Why They're Rare (Based on Feed Content)
Mobile security | Only one post touches iOS/Android app-locking and secure folders, and it's from late 2024, not 2025. It's mentioned again as "going down" in your own meta-post.
Political / policy shifts (e.g., Trump admin cybersecurity posture) | Several posts mention policy shifts, but this theme is sparse relative to technical AppSec, supply-chain, and AI content. Appears in 1–2 posts around Oct–Nov.
Corporate expansion / hiring news | Only one post covers a company opening a new facility (OpenText India). These business-expansion stories are rare in your feed.
Cryptographic governance | Appears once as a video entry on governance of cryptographic software. No other cryptography-focused discussions show up in 2025 entries.
Security champion programs / culture building | Only one post highlights security champions (October 2025). Most other posts are about tooling, vulnerabilities, AI, and supply chain...

800 posts, where am I and what are the insights

I started in September. I reached 500 in May, and I am reaching 800 in November. It's clearly fewer posts per month. Of course, I've started to focus on relevance. Popular posts are clearly related to LLMs. NVD is not at the top of the news today, strongly replaced by supply chain attacks. In fact, I think supply chain security was one of the most important subjects this year, as anyone could notice from the OWASP Top 10 2025. LLMs are still a hot-as-hell subject. Expanding my sources helped me not to get more news, but to get more tools and more evidence that the most important subjects were the ones I'd thought, because most sources were talking about the same things. One thing I'd love to have is some sort of integration with LinkedIn because I am always reading there. I think LinkedIn is like a professional blog for many great professionals that I am always following (Madden, Janca, Shostack, Hughes, Hovesepyan, Cipollone, Rexha, Collman, Buchanan and the list...

VulnCheck Canary Intelligence Brings Real-World Exploit Data to Defenders

VulnCheck Canary Intelligence is a new service that uses a global network of intentionally vulnerable systems ("canaries") to capture live attacker activity, recording real exploitation of CVEs, attacker IPs, payloads, and more. This telemetry is integrated into VulnCheck's existing intelligence products to help security teams prioritize vulnerabilities based on real-world exploit behavior, give early warning of active campaigns, and provide verified, actionable data rather than theory.

https://www.vulncheck.com/blog/introducing-vulncheck-canary-intelligence

GoDefender: Anti-Debug & Anti-Virtualization Toolkit for Go Applications

GoDefender is a Go library created by EvilBytecode that helps applications detect and defend against debugging tools, virtualization environments (like VMware or VirtualBox), and code injection techniques. Its modules include anti-debug checks (e.g., detecting if a debugger is attached), virtualization metrics (e.g., identifying sandboxed or emulated environments), and protections against DLL injection.

https://github.com/EvilBytecode/GoDefender

Rebooting the OWASP Threat Modeling Project for Fresh Momentum

The Shostack + Associates blog announces a revival of the OWASP Threat Modeling Project, with Adam Shostack and other security experts stepping in as project leads. The reboot aims to build a more active community, produce practical and cohesive threat modeling guidance, and define a clear charter. They invite contributors from both inside and outside OWASP to join the effort on Slack and GitHub.

https://shostack.org/blog/owasp-threat-model-reboot/