Scott Arciszewski

is creating open source software and researching security vulnerabilities


Sincere Thanks
$1
per month
The "pay what you want" option.
Prime Supporter (0x1D)
$29
per month
You're not one-dimensional, you're prime. 29 is the atomic number of copper (which is used in wiring and might seem one-dimensional).

Patrons at this tier can suggest and vote on new/existing open source projects for when I'm doing dedicated OSS work.

Includes
  • Vote on OSS Direction
Prime Supporter (0x3D)
$61
per month
61 is the largest 6-bit prime and the atomic number of promethium, named after Prometheus, who stole fire from the Sun.

Patrons at this tier can suggest and vote on new/existing open source projects for when I'm doing dedicated OSS work.

Includes
  • Vote on OSS Direction

13 patrons

$131 per month

About

My name is Scott; people know me as @CiPHPerCoder on Twitter. I mostly build open source libraries that make it easier to build secure PHP applications, find/disclose vulnerabilities in open source software projects, and write blog posts that explain how to solve security problems at a fundamental level.

There are a few common themes to the work I normally do:

  • Software should be secure-by-default
    • Before this can happen, the frameworks, libraries, and tools we give our developers must be made secure-by-default
  • Security updates should be applied automatically (and securely)
    • A lot of my visible security research is in the realm of secure code delivery and authentication protocols
  • Security problems should be solved at a fundamental level, not stapled on with high-level complexity nor through burdening developers to jump through hoops
    • Prepared statements are superior to expecting developers to escape-then-concatenate user input into SQL queries

I'm definitely more of a "security for the 99%" guy than a "security for the 1% since they're paying the bills" sort of person, often to my own detriment. However, I believe that only helping the wealthy secure their systems is short-sighted: compromising a widely used open source software project and enlisting a large slice of the Internet into a botnet can bring even the most powerful corporation's networks to their knees. Consequently, there is an inherent futility to only securing websites run by companies that can pay for a professional's time.

Put another way: Your rich client's availability problem, and everyone else's confidentiality or integrity problem, might very well be the same problem.

Thus I hack, and I code.

My active projects are tracked publicly here: https://github.com/paragonie-scott/public-projects...
Goals
$131 of $500 per month
I'll dedicate at least two days per year to either:

  • Developing a new open source library that solves a problem relating to application security, OR
  • Forking and improving a popular open source project
By becoming a patron, you'll instantly unlock access to 1 exclusive post (Writing).
