infosec

Illustration of signal vs. noise

False Positive or Noise? Smart security teams still get this wrong

Before you report a security finding as a "false positive", make sure you distinguish between FPs and noise. The difference matters, and more people get it wrong than you'd expect

A concerned orange octopus is thoughtfully looking at a laptop

The MITRE Thing was a wake-up call

MITRE almost lost funding for a big part of the CWE and CVE programs in 2025. That matters, and we need to act even though it worked out this time.

An octopus is considering information architecture (AI-generated illustration)

What if you're doing security wrong?

Maybe information security is about more than just protecting information