Published on · by Renaud Deraison
On the From Noise to Signal podcast with Mehul Revankar
A one-hour conversation about the origins of Nessus, why AppSec is changing fast, how Bromure came out of a honeypot, and what it means to be a technical founder in the AI era.
I had a great time answering Mehul Revankar's questions about Bromure, Nessus and more. Mehul was my colleague at Tenable and is a co-founder at Quantro Security.
What we covered
The interview runs for about an hour. A few highlights:
- The early days of Nessus. Starting the project in 1998, writing a parallel scanner that had to fit in 56 MB of RAM, shipping daily plugin updates in 2003 (effectively CI/CD before the acronym existed), and why I eventually dropped Perl for a purpose-built language called NASL.
- "AppSec is dead." How AI-generated, self-healing infrastructure is quietly making large parts of traditional application security obsolete — and why deeply technical founders now have an unfair advantage, because they can actually tell an AI agent what to do instead of hoping it figures things out.
- How Bromure was born. The short version involves a financial honeypot, a lot of scam links I did not want to open on my real machine, and the realization that nobody was shipping a browser that assumes it will be breached. The long version is in the podcast.
- Overbearer. A proxy that masks the real bearer tokens and API keys used by internal automation, so a compromised CI runner or developer laptop does not instantly hand an attacker the keys to production.
- Fundraising and the VC landscape. $200M seed rounds, losing control of your own exit, and why shipping two open-source tools in two weeks felt a lot healthier than chasing a unicorn valuation.
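To make the Overbearer idea concrete, here is an added example (my own illustration, not Overbearer's code) of the core rewrite step such a proxy performs: automation only ever holds placeholder tokens, and the proxy swaps in the real secret at egress time, but only for the host that placeholder is bound to. The placeholder naming scheme, the vault contents and the function names are all assumptions for this example.

```python
"""Core rewrite step of a credential-masking proxy.

Added example, not Overbearer's code. Automation jobs only ever see
placeholder tokens; the proxy replaces a placeholder with the real secret
when the request leaves, and only for the host the placeholder is bound to,
so a stolen placeholder cannot be replayed against anything else.
"""
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Binding:
    """A placeholder's real secret and the single host it may be sent to."""
    real_secret: str
    allowed_host: str


# Constructed vault for the example; the placeholder scheme ("ob_ph_*") and
# the secret values are hypothetical.
VAULT = {
    "ob_ph_github": Binding("ghp_EXAMPLE_REAL_SECRET", "api.github.com"),
    "ob_ph_stripe": Binding("sk_live_EXAMPLE_REAL_SECRET", "api.stripe.com"),
}


class ProxyDenied(Exception):
    """Raised when the request must not be forwarded."""


def _lookup(placeholder: str, vault: dict) -> Optional[Binding]:
    # Compare against every key with a constant-time comparison so the
    # proxy does not reveal which placeholders exist through timing.
    found = None
    for key, binding in vault.items():
        if hmac.compare_digest(key.encode(), placeholder.encode()):
            found = binding
    return found


def rewrite_request(host: str, headers: dict, vault: dict = VAULT) -> dict:
    """Return a copy of `headers` with the placeholder bearer token replaced.

    Requests without an Authorization header pass through untouched.
    Unknown placeholders and host mismatches are denied rather than
    forwarded, so a misrouted placeholder never reaches the wrong origin.
    """
    auth_name = next((k for k in headers if k.lower() == "authorization"), None)
    if auth_name is None:
        return dict(headers)

    scheme, _, token = headers[auth_name].partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise ProxyDenied("only placeholder bearer tokens are accepted")

    binding = _lookup(token.strip(), vault)
    if binding is None:
        raise ProxyDenied("unknown placeholder token")
    if host.lower() != binding.allowed_host:
        raise ProxyDenied(f"placeholder is not bound to host {host!r}")

    rewritten = dict(headers)
    rewritten[auth_name] = f"Bearer {binding.real_secret}"
    return rewritten


if __name__ == "__main__":
    ok = rewrite_request("api.github.com", {"Authorization": "Bearer ob_ph_github"})
    print(ok["Authorization"])
    try:
        rewrite_request("evil.example", {"Authorization": "Bearer ob_ph_github"})
    except ProxyDenied as exc:
        print("denied:", exc)
```

The host binding is the part that matters for the "compromised CI runner" scenario: a leaked placeholder only has value when it is sent through the proxy to its bound host, so the real secret never sits on the runner and cannot be redirected elsewhere. A production proxy would add logging of every denial, short-lived credentials behind the vault and TLS handling, which this example leaves out.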
We also end on a short tour of the "vulnerability hall of fame" — WannaCry, Heartbleed, Log4Shell — and what each one taught the industry (or failed to).