I’m Now a Full-Time Professional Open Source Maintainer

or, "Holy shit, it works!" Last May I left my job on the Go team at Google to experiment with more sustainable paths for open-source maintainers. I held on to my various maintainer hats Go cryptography, transparency tooling, age, mkcert, yubikey-agent…, iterated on the model since September, and ...

Cyber Risk Retainers: Not Another Insurance Policy

The one-two punch of a cyberattack can be devastating. There is the breach and then the related mitigation costs. Implementing a comprehensive Incident Response IR gameplan into a worst-case-scenario should not be a post-breach scramble. And when that IR strategy includes insurance, it also must...

Harvest: Invoices can be added to any retainers - even closs-platform

Summary ------ Hey team, there is an IDOR bug, which allows me to add an invoice to any retainer I wish, even if the retainer belongs to another app/subdomain. Steps to reproduce --------- 1. Make sure you have two apps A and B 2. In A create a retainer, let's say it has id 1234. 3. In B open thi...