Collin Greene

632 Followers

Nov 1, 2017

Fixing security bugs

This article covers some ways I’ve gotten security bugs fixed inside a company. Finding bugs is a technical problem, fixing them is a human problem. Hacking: Exciting. Finding bugs: Exciting. Fixing those bugs: Not exciting. The thing is, the finish line for our job in security is getting bugs fixed¹…

Security

5 min read


Sep 16, 2017

Equifax + 3rd party code != security

It appears the Equifax breach hinged on an unupdated Apache Struts vulnerability. Lots of security people are talking about lots of different dimensions of this breach but one portion is the (in)secure use of 3rd party code. …

Security

3 min read


Jul 26, 2017

Some parts of being a great Engineer

Much ink has been spilled in defining, or refuting, the concept of the 10x engineer. A concept sometimes used in Silicon Valley to describe an engineer that is 10x more productive than an average engineer although the 10x metric is figurative. 10x or not there are definitely patterns in how…

Software Development

4 min read


Jul 12, 2017

Feedback loops

I’ve worked in three big areas in my career: building software, securing software and leadership. Each area has a different sized feedback loop. Building software has a very tight and immediate feedback loop. Get an idea, try to build the idea, fix/tweak/improve then finally ship. At the micro level it's…

1 min read


Jun 28, 2017

Outcomes > bugs

A reasonable mission for an application security team is to find and fix security bugs in a codebase. I held this view at one point and I now think this is subtly wrong and instead we actually care about outcomes, not bugs. A bug is a discrete flaw in software. …

Security

2 min read


Published in HackerNoon.com

·May 25, 2017

Manager lingo for engineers

A while back I changed from an engineer to a manager. With that came a whole new set of manager-y words that I had previously nodded along with but not deeply understood. This article is my definition of these concepts in a way engineer-Collin would understand. Preamble Engineers build¹ a $thing…

Engineering Management

4 min read


May 2, 2017

Business risk for security engineers

There are these two young fish swimming along and they happen to meet an older fish swimming the other way who nods at them and says “morning boys, how's the water?” And the two young fish swim on for a bit and eventually one of them looks over at the…

Security

6 min read


Published in Uber Privacy & Security

·Jan 31, 2017

From the Ground Up: Building Product Security at Uber

Because software has inherent vulnerabilities, smart security teams build protections inside and outside their code to help prevent exploits. The goal is not only to limit the impact of an unknown vulnerability, but to prevent future vulnerabilities from ever being written into code. To do this effectively, security must be…

Security

6 min read


Jan 27, 2017

Product security primitives

Working in software security for a while I’ve recognized a few core ideas that have helped guide the efforts of a product security team. I want to share these primitives and the opinions built upon them as essentially how I think about product security. All of these ideas are seen…

Security

8 min read


Published in HackerNoon.com

·Jan 15, 2017

Why product security is hard

When software security flaws can fetch over a million dollars it is useful to examine why building secure software is so difficult. All our work in security rests on these difficulties and this article aims to collect the specifics inherent in application security so followup articles can offer solutions. …

Security

3 min read
