President of @opensrcsec, developer of @grsecurity Personal account

Joined June 2011
Brad Spengler retweeted
Looks like bugtraq was just shut down. It hasn't been useful for a long time, but still an important footnote in vulnerability history. seclists.org/bugtraq/2021/Ja…
Brad Spengler retweeted
Food on the table while giving away code daniel.haxx.se/blog/2021/01/… I’m living the open source dream, working full time on the project I created myself: curl. But it's not entirely easy.
Churn involving debugging messages: you would be surprised how many stable backports get dropped due to conflicts resulting entirely from that
Great to see such a positive reception for the GCC Rust project! Happy to work with any interested companies on extending/expanding the funding for the work -- we want this to be a long-term success.
Brad Spengler retweeted
Why is GCC-Rust imperative for the future of Linux kernel security?
Excited to finally announce our funding of full-time development on a GCC Front-End for Rust! Work has already been underway since November. For more information on the security need that served as motivation and how to get involved, check out: opensrcsec.com/open_source_s… @Embecosm
Brad Spengler retweeted
Philip Herron discusses how he will achieve a Rust frontend of GCC: embecosm.com/2021/01/12/gcc-…
Brad Spengler retweeted
I've published a blog post on improving the Windows AMD64 memset implementation: msrc-blog.microsoft.com/2021… cc @trav_downs
Brad Spengler retweeted
I think a news article that labels "Jetbrains" a "pathway for Russian hackers" needs to be backed up by something more than just anonymous "officials and executives" who received a brief on an "investigation". I think the company deserves facts and evidence.
Asking the important questions: lwn.net/Articles/841998/
I've always wondered: where are all the people complaining that Samsung doesn't upstream RKP? blog.longterm.io/samsung_rkp… I thought everyone loved coarse-grained CFI applied post-build via binary patching with a Python script? 🙂
Good stuff in the blog though, demonstrates why you really need the compiler to do the work (as we're doing)
Wrote an interview question today of the form "what would you do to avoid getting detected by X?" Some changes on the way based on my poking around :)
Brad Spengler retweeted
ICYMI over the holiday break: we're still looking for applicants, especially for the Linux Kernel Engineer and Software Engineer roles. Unsurprisingly, there was much interest in the Security Researcher role. Thank you!
We're hiring! Job openings for Security Researcher, Software Engineer, and Linux Kernel Engineer have been posted on our new company website: opensrcsec.com/careers
More information about the person is here: grsecurity.net/setting_the_r… Emails are always from a handful of anonymous remailers, they then spam the links to Reddit each time to drive the traffic up so it reaches your front page, even though the posts get no engagement
and each new anonymous user they create on Reddit gets banned by the mods (since again they've been doing this for years now). Latest crop is here: reddit.com/search/?q=lkml.or… where they created 5 separate accounts.
Retpolines have nothing to do with v1, and upstream still has nothing for v1 except ad-hoc manual patching of individual instances via some naive source code scanners