
Scott Arciszewski
creating open source software and researching security vulnerabilities
- 8 posts
- $1.9/month
My name is Scott; people know me as @CiPHPerCoder on Twitter. I mostly build open source libraries that make it easier to build secure PHP applications, find/disclose vulnerabilities in open source software projects, and write blog posts that explain how to solve security problems at a fundamental level.
There are a few common themes to the work I normally do:
- Software should be secure-by-default
- Before this can happen, the frameworks, libraries, and tools we give our developers must be made secure-by-default
- Security updates should be applied automatically (and securely)
- A lot of my visible security research is in the realm of secure code delivery and authentication protocols
- Security problems should be solved at a fundamental level, not stapled on with high-level complexity nor through burdening developers to jump through hoops
- Prepared statements are superior to expecting developers to escape-then-concatenate user input into SQL queries
I'm definitely more of a "security for the 99%" guy than a "security for the 1% since they're paying the bills" sort of person, often to my own detriment. However, I believe that only helping the wealthy secure their systems is short-sighted: Compromising a widely used open source software project and enlisting a large slice of the Internet into a botnet can bring even the most powerful corporation's networks to its knees. Consequently, there is an inherent futility to only securing websites run by companies that can pay for a professional's time.
Put another way: Your rich client's availability problem, and everyone else's confidentiality or integrity problem, might very well be the same problem.
Thus I hack, and I code.
My active projects are tracked publicly here: https://github.com/paragonie-scott/public-projects...
- 7 total members
- 1 paid member