Jack Cable

@jackhcable.bsky.social

CEO & Co-founder at Corridor. Previously: Senior Technical Advisor at CISA, TechCongress in the Senate, Krebs Stamos Group, CISA, Defense Digital Service, and Stanford.

1,334 Followers  |  257 Following  |  15 Posts  |  Joined: 19.08.2023

Latest posts by jackhcable.bsky.social on Bluesky

“Innovation Nation” Field Hearing at Stanford’s Hoover Institution on US Cybersecurity Posture – Committee on Homeland Security

Today, I’ll be testifying to the House Homeland Security Committee during a hearing at Stanford.

Tune in here: homeland.house.gov/hearing/comm...

28.05.2025 16:26 — 👍 4    🔁 2    💬 0    📌 0
Advancing Secure by Design through Security Research It is essential for U.S. policymakers to actively protect and promote the role of security research within an open and transparent ecosystem.

We call on Congress to protect security researchers by codifying the DMCA security research exemption, exempt good-faith security research from the CFAA, and make it a baseline requirement for software vendors to operate a VDP and publish CVEs.

www.lawfaremedia.org/article/adva...

25.04.2025 16:35 — 👍 3    🔁 2    💬 0    📌 1
Advancing Secure by Design through Security Research It is essential for U.S. policymakers to actively protect and promote the role of security research within an open and transparent ecosystem.

New from Jen Easterly and me: as threats to our critical infrastructure increase, U.S. policymakers need to defend + strengthen the role of security research. This is personal for me, having received legal threats for good-faith security research.

www.lawfaremedia.org/article/adva...

25.04.2025 16:35 — 👍 2    🔁 2    💬 1    📌 0
More to come soon, but for now:

1. We're hiring for founding engineers. If you or anyone you know might be a good fit, please reach out.
2. We're building a cohort of early customers to iterate with. If you're interested, join our waitlist here: forms.gle/cRF1T2FPemfb...

20.03.2025 19:56 — 👍 0    🔁 0    💬 0    📌 0

Companies have struggled with application security for decades, and AI-generated code is only making it harder. A better future is possible, in which companies enforce secure guardrails and root out entire classes of vulnerabilities. At Corridor, we're making that future a reality.

20.03.2025 19:56 — 👍 0    🔁 0    💬 1    📌 0
Corridor Waitlist Interested in learning more about Corridor? Fill out this form to join our waitlist. By submitting this form, you opt in to receiving emails from Corridor.

📢 Excited to share that I started a new company, Corridor, with Ashwin Ramaswami! Corridor is the AI-powered secure by design platform – and we're backed by @stamos.org, Chris Krebs, Christina Cacioppo, @alip.bsky.social at Neo, and Sarah Guo at Conviction.

forms.gle/3LsFxtNqzok2...

20.03.2025 19:56 — 👍 10    🔁 1    💬 1    📌 0
A CISA secure-by-design guru makes the case for the future of the initiative The initiative had led to tangible changes, Jack Cable said upon his exit from the agency as senior technical adviser.

After two incredible years, today is my last day at CISA. Immensely grateful to have been able to drive CISA's work on Secure by Design, spurring commitments from 250 software manufacturers and publishing guidance with over a dozen int'l partners.

My exit interview: cyberscoop.com/jack-cable-c...

16.01.2025 15:44 — 👍 13    🔁 2    💬 0    📌 0

3 (cont). As it turns out, encryption is standard these days and personal VPNs simply shift risk from your ISP to a VPN provider.
4. Other practices to secure your mobile devices, such as lockdown mode on iOS.

Read here: www.cisa.gov/sites/defaul...

18.12.2024 18:02 — 👍 1    🔁 2    💬 1    📌 0
🔒 New from CISA, some tips on protecting your communications in light of compromises of telecom infrastructure. Includes:

1. Use only end-to-end encrypted messaging apps such as Signal.
2. Enable FIDO auth (security keys or passkeys) wherever possible.
3. Do not use a personal VPN.

18.12.2024 18:02 — 👍 4    🔁 0    💬 1    📌 1
📣 CISA is hosting an info session on the Secure by Design Pledge on Monday, Dec 9 from 10-12pm in San Francisco. Come to hear from Bob Lord, me, and a panel with pledge signers around progress and lessons learned from the pledge.

Register here: forms.office.com/g/Ta5g0P6Q5m

27.11.2024 18:33 — 👍 2    🔁 0    💬 0    📌 0
Product Security Bad Practices | CISA This voluntary guidance provides an overview of product security bad practices that are deemed exceptionally risky, particularly for software manufacturers who produce software used in service of crit...

ICYMI: CISA published the Product Security Bad Practices for public comment, due Dec 16.

Included in the bad practices: development of new products in memory unsafe language, inclusion of user input in SQL queries/OS commands, default passwords, and more.

www.cisa.gov/resources-to...

15.11.2024 16:52 — 👍 6    🔁 1    💬 0    📌 0
Jack Cable - The U.S. Government's Approach to Open Source Security - All Things Open 2024 (YouTube video by All Things Open)

My keynote from All Things Open is now online, covering Secure by Design, open source AI, and our Product Security Bad Practices guidance: www.youtube.com/watch?v=Furf...

13.11.2024 22:03 — 👍 4    🔁 1    💬 0    📌 0
It's the six-month anniversary of CISA's secure-by-design pledge. I talked to @jackhcable.bsky.social about how things are going and what's next: therecord.media/cisa-jack-ca...

New details in here about participant workshops, CISA's plans for tracking progress, and version 2.0 of the pledge.

08.11.2024 17:46 — 👍 6    🔁 4    💬 1    📌 0
Preventing Ransomware Attacks at Scale Ransomware attacks — like the one on Change Healthcare — continue to cause major turmoil. But they are not inevitable. Software manufacturers can build products that are resilient against the most com...

Today, I published in the Harvard Business Review on how business leaders of software manufacturers can prevent ransomware attacks at scale with more secure by design software.

Read here: hbr.org/2024/04/prev...

23.04.2024 21:15 — 👍 2    🔁 0    💬 0    📌 0

Great joining @rosenzweigp.bsky.social on the Lawfare Podcast! Tune in for some holiday listening to hear from Lauren Zabierek, Bob Lord and me on CISA's path forward on Secure by Design.
www.lawfaremedia.org/article/the-...

22.12.2023 18:08 — 👍 1    🔁 0    💬 0    📌 0
Request for Information on “Shifting the Balance of Cybersecurity Risk: Principles and Approaches ... CISA requests input from all interested parties on the white paper “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software.”

Have thoughts on Secure by Design? Yesterday, CISA announced a Request for Information on Secure by Design.

Have thoughts on eliminating classes of vulns, security education for developers, economics, AI, OT, and more? Check it out and respond (by Feb 20): www.federalregister.gov/documents/20...

21.12.2023 18:13 — 👍 2    🔁 0    💬 0    📌 0