https://miscreants.github.io/blog.trailofbits.com/authors/brad-swain/Recent content in Brad Swain on The Trail of Bits BlogHugoen-usWed, 24 Sep 2025 00:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/09/24/supply-chain-attacks-are-exploiting-our-assumptions/Wed, 24 Sep 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/09/24/supply-chain-attacks-are-exploiting-our-assumptions/Supply chain attacks exploit fundamental trust assumptions in modern software development, from typosquatting to compromised build pipelines, while new defensive tools are emerging to make these trust relationships explicit and verifiable.https://miscreants.github.io/blog.trailofbits.com/2025/02/21/dont-recurse-on-untrusted-input/Fri, 21 Feb 2025 00:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/02/21/dont-recurse-on-untrusted-input/We developed a simple CodeQL query to find denial-of-service (DoS) vulnerabilities in several high-profile Java projects.