Posts

FreeBSD Released the Most Security Advisories in Project History in June 2026

Image
On average, the FreeBSD security team releases about 2 security advisories per month. AI has changed this.    In April, the project released 8 advisories, with 6 powered by AI .  In May, the count decreased slightly to 7.    Today I took a look at the FreeBSD Security Advisory page to check the latest advisory count.   June saw the most number of advisories ever published in project history: 25.   This blows away the previous record of 18 from January 2001. The other big spike was 11 in January 2016.   AI apaprently discovered at least 9 of the June 2026 FreeBSD vulnerabilities.   On 15 June the FreeBSD Foundation announced the FreeBSD AI-assisted Vulnerability Discovery Project :   "The 6-month project is being funded by a grant from the Alpha Omega project.    The funds will be used to engage FreeBSD Security Team members under fixed-term contracts to find and patch vulnerabilities.    The Security Team’s access to...

I Wrote a New Book for Corelight

Image
TLDR: I wrote a new book for Corelight called NDR Essentials . It's free at that link. This is the 10th book that I've authored or co-authored. The rest are all posted at taosecurity.com .    Why? It was time . That’s what I thought when I heard that Corelight wanted to update its 2021 book on network detection and response (NDR). Tamara Crawford, who owned the project, scheduled a meeting with me and asked if I might be interested in helping, depending on who might write the text. I volunteered immediately to write the whole book, but I had a few conditions. The text had to be at least 100 pages long, because 100 pages is my personal dividing line between “book” and “white paper.” I needed the freedom to cover the topics I wanted to address, and to not be told what to write. I wanted to show the four network security monitoring (NSM) data types working in a vendor-neutral manner, with technical details. Finally, I knew this project would take several month...

Bill to Create Independent US Cyber Force Wants to Place It Under the US Army

It looks like we're finally making progress towards an independent US Cyber Force: https://www.csis.org/programs/strategic-technologies-program/projects/commission-us-cyber-force-generation However, this bill by Sen Gillibrand to put it under the Army isn't the best idea. https://www.airandspaceforces.com/new-push-for-separate-cyber-force-builds-but-questions-remain/ I get it -- Navy has the Marine Corps, Air Force has the Space Force, Army has... nothing? But the Coast Guard doesn't slot under anyone either. It would be a step backwards to put Cyber under Army.

Mandiant Global Median Dwell Time Deteriorates from 11 to 14 Days

Image
  Oh snap. My single most important cybersecurity metric deteriorated again.  In the M-Trends report for calendar year 2024, Mandiant’s global median dwell time metric worsened from 10 to 11 days. In the newest report, released today, for calendar year 2025, that metric worsened again, from 11 to 14 days.  In other words, organizations are taking even longer to detect and respond to intrusions. 10 days was already still too much, in a world where teams need to detect and contain in an hour to be effective.  I’m not a doomer. We made amazing progress since 2011, when median global dwellers time was over 400 days. But, two bad years in a row has never happened. Before last year, the metric had always improved! It’s possible Mandiant is just dealing with ever tougher cases. I have to dig into the full report. 

Happy 23rd Birthday TaoSecurity Blog

Image
  Happy birthday TaoSecurity Blog, born on this day in 2003! The best way to digest the key lessons from this site is to browse my four volume Best of TaoSecurity Blog book series , published in 2020. It's available in print as seen here, or as a properly formatted HTML-based digital book -- none of that PDF-based fixed format nonsense. Each book is a theme-centric collection of posts with new commentary for each entry. Some of what I wrote stood the test of time, and some did not. See what you think. Or, just scroll backwards through this site. Thank you to Blogspot and Google for hosting this blog for the last 23 years! This is post number 3,094 by the way.    

We have achieved FreeBSD 15.0-REL with KDE Plasma

Image
  Houston, we have installed #FreeBSD 15.0-REL with KDE Plasma 6.4.5 on a Lenovo ThinkPad X1 Carbon Gen 6 laptop. I have come full circle. I used to daily drive FreeBSD 5.x on a Thinkpad a20p in the early 2000s. Today I used the "technology preview" method for pkg installation, too. I posted this from the laptop, of course!! Thanks to everyone who made this possible, including the parties who made the script to install KDE with one command.

I'm Hosting a New Podcast

Image
  I'm hosting a new podcast for Corelight. Check out my first episode with our field CTO, Vince Stoffer. Expect new episodes every two weeks. This is no buddy cop discussion -- max content, minimum banter, in about 15 minutes!  https://open.spotify.com/episode/0SD2gUvIuB65YFmjjtXfTR https://podcasts.apple.com/us/podcast/corelight-defendrs/id1843154362 https://www.youtube.com/watch?v=IgmZxV2OP9k