Scott Arciszewski

is creating open source software and researching security vulnerabilities

14 patrons
$251 per month
My name is Scott; people know me as @CiPHPerCoder on Twitter. I mostly build open source libraries that make it easier to build secure PHP applications, find/disclose vulnerabilities in open source software projects, and write blog posts that explain how to solve security problems at a fundamental level.

There are a few common themes to the work I normally do:

  • Software should be secure-by-default
    • Before this can happen, the frameworks, libraries, and tools we give our developers must be made secure-by-default
  • Security updates should be applied automatically (and securely)
    • A lot of my visible security research is in the realm of secure code delivery and authentication protocols
  • Security problems should be solved at a fundamental level, not stapled on with high-level complexity, nor by forcing developers to jump through hoops
    • Prepared statements are superior to expecting developers to escape-then-concatenate user input into SQL queries

I'm definitely more of a "security for the 99%" guy than a "security for the 1% since they're paying the bills" sort of person, often to my own detriment. However, I believe that only helping the wealthy secure their systems is short-sighted: Compromising a widely used open source software project and enlisting a large slice of the Internet into a botnet can bring even the most powerful corporation's networks to its knees. Consequently, there is an inherent futility to only securing websites run by companies that can pay for a professional's time.

Put another way: Your rich client's availability problem, and everyone else's confidentiality or integrity problem, might very well be the same problem.

Thus I hack, and I code.

My active projects are tracked publicly here: https://github.com/paragonie-scott/public-projects...
Tiers

Sincere Thanks
$1 or more per month
The "pay what you want" option.

Prime Supporter (0x1D)
$29 or more per month
You're not one-dimensional, you're prime. 29 is the atomic number of copper (which is used in wiring and might seem one-dimensional).

Patrons at this tier can suggest and vote on new/existing open source projects for when I'm doing dedicated OSS work.

Includes
  • Vote on OSS Direction

Prime Supporter (0x3D)
$61 or more per month
61 is the largest 6-bit prime and the atomic number of promethium, named after Prometheus, who stole fire from the Sun.

Patrons at this tier can suggest and vote on new/existing open source projects for when I'm doing dedicated OSS work.

Includes
  • Vote on OSS Direction

Prime Supporter (0x7F)
$127 or more per month
The largest 7-bit integer is also prime.

Patrons at this tier can suggest and vote on new/existing open source projects for when I'm doing dedicated OSS work.

Includes
  • Vote on OSS Direction

Prime Supporter (0xFB)
$251 or more per month
251 is the largest prime that can be represented as an 8-bit number.

Patrons at this tier can suggest and vote on new/existing open source projects for when I'm doing dedicated OSS work.

Includes
  • Vote on OSS Direction

Prime Supporter (0x0209)
$521 or more per month
One of the NIST curves is P-521, which uses the Mersenne prime 2^521-1. 521 is also a prime number.

Patrons at this tier can suggest and vote on new/existing open source projects for when I'm doing dedicated OSS work.

Includes
  • Vote on OSS Direction

Prime Supporter (0x03FD)
$1,021 or more per month (only 5 left)
1021 is the largest prime that fits in 10 bits.

Patrons at this tier can suggest and vote on new/existing open source projects for when I'm doing dedicated OSS work, and their suggestions will be top priority.

Includes
  • High Priority OSS Direction