Security Advisories

Independent Security Research

Here are the security advisories that I have released, or plan to release in the near future. The naming convention is ASA-nnnn where ASA stands for "After" Security Advisory.


I spend some of my time at Rapid7 doing security research and had the occasion to publish those as well (see below). The scariest one is probably R7-0022 because it demonstrates even security software vendors can make the most basic mistakes when implementing cryptography.