Suggestions for other story times?


David A. Wheeler
 

All:

Feedback on the "Secure Software Development Fundamentals" course
indicated that many really liked our "Story Time" sections. These give
specific real-world examples of attacks.

As a result, I plan to add these two new story times soon:

* Typosquatting - https://github.com/ossf/secure-sw-dev-fundamentals/pull/106
* Ashley Madison (MD5 vs. bcrypt/argon2id) - https://github.com/ossf/secure-sw-dev-fundamentals/pull/105

If you have suggestions on other story times, beyond the 12 listed above and below,
please let me know. We want stories that people have heard in the news, are
clear (so they can quickly grasp a useful lesson), and
illustrate an issue we haven't already illustrated with some other story.

*Bonus* points if you do this as a pull request :-).

--- David A. Wheeler


=== Current story times ===

😱 STORY TIME: Equifax
😱 STORY TIME: Target Breach
😱 STORY TIME: Heartbleed
😱 STORY TIME: NetUSB CVE-2021-45608
😱 STORY TIME: SaltStack
😱 STORY TIME: VestaCP Link Following Vulnerability (CVE-2021-30463)
😱 STORY TIME: Apple **goto fail; goto fail;**
😱 STORY TIME: Log4Shell / log4j
😱 STORY TIME: Vulnerable Keys Generated by Debian/Ubuntu’s OpenSSL
😱 STORY TIME: Subversion of SolarWinds Orion’s Build System