Joe Basirico

Recent Posts

With Apple's recent announcement about starting its first Bug Bounty Program this September, it raises the issue of why they waited so long and why they finally did decide to create one.

Bug Bounty Hunter (BBH)...

I want to run into traffic, fall into a pond, catch Pokémon while my wife is in labor, and find a dead body; let's check out this Pokémon Go thing!

Pop quiz: Is this a valid login screen for Google Account services?

Security Innovation strongly stands behind our corporate policy of Responsible Disclosure, which I’ve written about before. Building upon that, I feel that it’s important to accept and encourage Security Researchers to test...

How to Interview at Security Innovation

by Joe Basirico on October 6, 2014 at 9:16 AM

We've built a really exceptional team at Security Innovation made up of some of the best Security Engineers in the industry who are a closely knit group of friends who respect each other for their abilities and commitment....

Security Innovation’s manifesto on being a trusted advisor

Each client has a different background as well as a different depth of knowledge, experience, comfort, maturity, and trust. As trusted security advisors with genuine...

I've written before about how important responsible disclosure is for Security Researchers, and that responsibility for an effective process for notification and remediation falls on both the security researcher and the...

Gmail Changes to Displays Images by Default

by Joe Basirico on December 13, 2013 at 9:59 AM

Gmail recently changed the way it displays images to you (Official Gmail Blog). From a user perspective this can be good, from a security perspective this might be good, from a privacy perspective I'm not convinced this is a...

There are almost always multiple sides to any debate in software security. For that reason I find myself saying "It depends" far more than I may expect. I came across https://isios7jailbrokenyet.com/ a couple days ago and...

The recent wave of DDoS attacks on banking web sites, and the Spamhaus DDoS attack (which was three to five times greater than the biggest attacks against U.S. banks) is reinforcing that, while the attacks aren’t...

Part 1 - Overview

There isn’t a security threat that you can think of that some security company’s marketing literature doesn’t promise a solution for. But despite the zeal of marketers and the production of many great...