Crash Override

🚨 Opengrep: The Security Industry Deserves Better 🚨 The open-source world thrives on collaboration, sustainability, and fairness. But what happens when companies exploit an open-core model for their own gain—without contributing back? That’s exactly what’s happening with Opengrep, a fork of Semgrep wrapped in FUD and misinformation. The so-called “consortium” behind it is claiming a rug-pull, but the truth is far less noble. 🔹 Open-core is a well-established, sustainable model (Elastic, Kafka, Neo4J). 🔹 If you build a business on open-core, you don’t get to cry wolf when it works as intended. 🔹 Supporting open-source means giving back—not just taking what’s convenient. This isn't about democratizing security; it's about self-interest at the expense of a community. If you’re in AppSec, this is worth a read. Read the full breakdown here: 👉 https://lnkd.in/er5V4YrV #CyberSecurity #OpenSource #AppSec #Semgrep #OpenGrep #SecurityIndustry

The Security Industry Needs More 'Easy Buttons' 🤯 The 'Shift Left' movement loves throwing complex tasks at developers, but expecting them to be security gurus is a recipe for burnout and buggy code. 💫 What if we flipped the script? Instead of piling on work, let's make security easier to implement. 😱 Think TLS - it went from a nightmare to a no-brainer. We can do the same for other critical security measures. How? ✅ Less Friction 🚀 High-Impact Initiatives 💡 Investing in "Easy Buttons" Sound difficult? It is! But if TLS can go from complex to commonplace, anything can! https://lnkd.in/d8JAwWcd #security #cybersecurity #devsecops #easybuttons #innovation

Security Marketing Exposed - Part One. Why understanding marketing is a super power for running operational security programs https://lnkd.in/emkkpZNV

This article is written for operational security people. The thesis is that if you understand marketing and how it works, then you can use that knowledge to apply tried and tested marketing techniques in your operational security programs. You can also use it to cut through the industry noise and hype from tools and services vendors, but that’s not the focus of the article. I think understanding marketing is a super-power for operational security teams.

Mark Curphey has just published an article. We convinced that security has turned an important corner. Welcome to the post alerts and issues era, where whack-a-mole is dead, and teams are now embracing security insecticides. https://lnkd.in/dpQ7kBhr

Crash Override is honored to sponsor the Annual SINETNew York on October 16. We hope you will join us at The Times Center, for an exciting day of thought leadership, knowledge sharing, and building connections with the Cyber ecosystem. View the speakers, agenda, and register here https://lnkd.in/e7erHs37 @Robert Rodriguez and SINET

Our articles are finally flowing again. https://lnkd.in/dcv-gyyH

If you will be at the @RSAConference and would like to chat about Chalk, what we are doing with our platform, or just appsec in general, let us know. We would love to meet - email us hello@crashoverride.com or https://lnkd.in/gzEjTEJF

On Monday we recorded a video podcast with the folks at Secure Computing, talking about funding models for open source security tools and security communities. You can watch the video recording here - https://lnkd.in/eMFWKhjT

There are too many people in the security industry that are too fast to condemn C/C++, touting the virtues of Rust without fully understanding the nuances and implications. Rust may be a safer language but it’s not that simple. https://lnkd.in/eeeTiZGg