J.M. Porup

Senior Writer

J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.

Bug bounties offer legal safe harbor. Right? Right?

Do you need a vulnerability disclosure program? The feds say yes

Do you need a vulnerability disclosure program? The feds say yes

The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.

What are deepfakes? How and why they work

What are deepfakes? How and why they work

Once the bailiwick of Hollywood special effects studios with multi-million-dollar budgets, now anyone can download deepfake software and use machine learning to make believable fake videos. This makes a lot of people nervous.

Can cyber insurance cover acts of cyber terrorism?

Can cyber insurance cover acts of cyber terrorism?

Cyber insurance policies do not typically cover physical destruction or loss of life, but the UK government-backed reinsurer, Pool Re, announced this year it will cover acts of cyber officially deemed "terrorism" by Her Majesty's...

What is the Tor Browser? How it works and how it can help you protect your identity online

What is the Tor Browser? How it works and how it can help you protect your identity online

The Tor Browser is a web broswer that anonymizes your web traffic using the Tor network, making it easy to protect your identity online.

Duty of care: Why (and how) law firms should up their security game

Duty of care: Why (and how) law firms should up their security game

Lawyers have been slow to adopt modern technology — and even slower to respond to security threats. That may be changing.

What is a zero-day exploit? A powerful but fragile weapon

What is a zero-day exploit? A powerful but fragile weapon

A zero-day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market

Does cyber insurance make us more (or less) secure?

Does cyber insurance make us more (or less) secure?

Underwriting cyber risk remains more art than science, but in the absence of regulation, cyber insurance might still be the best hope for improving cybersecurity practices across the board — at least for now.

Information security in a war zone: How the Red Cross protects its data

Information security in a war zone: How the Red Cross protects its data

The International Committee of the Red Cross faces unique and extreme security threats across the globe. Technology is not always the best defense.

What is Shodan? The search engine for everything on the internet

What is Shodan? The search engine for everything on the internet

Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.

Scapegoating security researchers harms society

Scapegoating security researchers harms society

Want your government to stop punishing the security community for its own lapses? Become a better teacher and advocate for what you do.

GreyNoise: Knowing the difference between benign and malicious internet scans

GreyNoise: Knowing the difference between benign and malicious internet scans

Used with Shodan, this "search engine that looks at people scanning the internet" can help you pick bad actors out of the noise.

Load More