TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Application Security Attackers Weaponize RubyGems for Data Dead Drops Attackers Weaponize RubyGems for Data Dead Drops by Alexander Culafi May 13, 2026 4 Min Read Сloud Security LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly by Alexander Culafi May 13, 2026 5 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America See All The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Cyberattacks & Data Breaches Vulnerabilities & Threats Cybersecurity Operations Сloud Security Commentary Since 2006, Dark Reading has been at the forefront of covering cybersecurity, providing deep insights and analysis beyond the headlines. All those major news events? We were there. Shifts in technology trends? We wrote about them. Enjoy this special anniversary coverage celebrating where we've been and what's next. Cyber Pioneers Ponder Past as Prologue Robert "RSnake" Hansen, Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier reflect on how their favorite columns penned for Dark Reading over the past 20 years have stood the test of time. Kelly Jackson Higgins , Becky Bracken May 15, 2026 8 Min Read Source: Mauritius images GmbH via Alamy Stock Photo Cyber Pioneers Ponder Past as Prologue As part of Dark Reading's 20th Anniversary celebration, we asked some of our high-profile cybersecurity industry leaders who wrote blogs or columns for us over the years to look back and select their favorite piece, and then share their reflections on the topic today, through the lens of history. This was no small task. Multiple CMS and platform migrations over two decades at Dark Reading sadly meant that some of our content, including columnists' pieces, were lost to the Internet and left to the whims of Wayback Machine website screenshots. But our creative columnists were able to dig into the Dark Reading archives for their picks and share their thinking at the time, as well as examine how history has treated the topic. So kick back and enjoy these insightful retrospectives from Dark Reading contributing columnists and industry leaders Robert Hansen (aka RSnake), Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier. RSnake's Robot Research Comes Full Circle Source: @RSnake on X Robert (RSnake) Hansen, managing director of Grossman Ventures and CTO at Root Evidence, reflects on his groundbreaking Dark Reading column from Feb. 19, 2007, titled, " Die, Robot: If you're going to play with bots, best to know defense and offense ." "Dark Reading for me was the mental equivalent of building in public. I would test ideas with the general public and give them context for why I felt the way I did and therefore, in some respects, it was deeply personal, as in the case of the first really well-built robot scrapers in this article. "I ended up writing an entire book called Detecting Malice on the topic, and how insanely far we have come, where AI is now scraping everything and companies are doing everything they can to make their APIs into MCPs go faster. Even Cloudflare has a single API endpoint to scrape an entire site now, and there are lawsuits against the LLM providers for scraping. Times have both changed and yet stayed exactly the same." Katie Moussouris: AI-Fueled Bug Discovery Could Backfire Source: SPOA Images, Ltd. via Alamy Stock Photo Luta Security founder and CEO Katie Moussouris reminisces on writing about bug bounties for Dark Reading and her notable column from Aug. 13, 2015, " The Truth About Bug Bounties: What Oracle CSO Mary Ann Davidson Doesn't Get About Modern Security Vulnerability Disclosure ." "When I wrote about bug bounties years ago, there was a lot of optimism that crowdsourcing vulnerability discovery would dramatically improve security. The point then was that bug bounties weren't a silver bullet — they were meant to complement secure development, not replace it. "Fast forward to today and AI has poured gasoline on the model. Automated testing and AI-assisted research are making it far easier — and much faster — to find potential vulnerabilities. The problem is that triage is still mostly human, and humans don't scale like GPUs. Programs that were already stretched are now getting flooded. "For organizations already feeling like they're on fire, AI just showed up with a flamethrower. Without major investment in building more secure code and dramatically improving how quickly patches and mitigations can be deployed, many will simply burn down to ash under the volume. "The part that worries me most is open source. Maintainers were already overwhelmed before AI supercharged vulnerability discovery. If that ecosystem buckles under the load, it won't just affect a few projects; it will affect everything that depends on them. Log4j was the wake-up call that exposed how fragile the software supply chain really is. AI is accelerating both discovery and dependence at the same time, and the uncomfortable truth is that the industry may not be ready for what humans have just unleashed." Rich Mogull: 'Simple Doesn't Scale' in Cyber Source: Cloud Security Alliance Chief analyst at the Cloud Security Alliance and CEO of Securosis Rich Mogull explains one of his foundational cybersecurity principles, "Simple Doesn't Scale," which was first introduced in a Dark Reading post back on July 7, 2011. "The main thing I noticed going back into my old Dark Reading posts is that … first, the author images have hair, and second, I really should have been shaving my head sooner. "While I was highly tempted to select my very first cloud security post from 2009 , the one that really resonates the most is my 'Simple Isn't Simple' post, which I think I changed to a tweet as 'Simple Doesn't Scale.' This post has been one of my mantras since I wrote it in 2011, and I think I even described an early version of Wendy Nather's Security Poverty Line. "Why did I pick it? Because as we face waves of automated AI-discovered vulnerabilities, as just highlighted by Anthropic's Mythos, our ability to scale simple will define the state of our security like never before." Richard Stiennon: Why PCI DSS Revolutionized Cyber-Risk Source: Richard Stiennon Chief research analyst at IT-Harvest Richard Stiennon back in November of 2006 was praising the payment card industry's adoption of PCI Data Security Standard in a Dark Reading column titled " Finally, A Standard With Teeth ." "In 2006, the payment card industry started to get serious about the two-year-old PCI Data Security Standard. I must have been triggered to write about it when they announced the creation of the PCI Security Standards Council (PCI SSC), a governing council to oversee further changes to the standard. By December, they announced stronger enforcement action as well. "I still feel that PCI DSS is one of the most effective security standards because it has teeth. It also gave rise to an entire industry to provide continuous security scans (which is still with us today) — and even evolving into third-party risk scoring, breach and attack simulation, and agentic red teaming. "The standards and regulations that I implied were toothless have grown their own incisors with significant enforcement actions recorded for each of them. The scariest fangs belong to the SEC, which evolved from wishy-washy Sarbanes-Oxley enforcement to prosecuting the CISO of SolarWinds. "The surest sign that the security industry is maturing is the plethora of regulations that have arisen in the last 20 years. Those regulations shape the industry. Of the 4,029 active vendors that I track, the largest category (587 vendors) is governance, risk, and compliance. " Schneier on the Intersection of Encryption and AI Source: Bruce Schneier Renowned technologist and author Bruce Schneier contributed a column on June 20, 2010, warning about cryptography's inability to secure modern networks , a point he says he has been trying to argue since 2000. "For a while now, I've pointed out that cryptography is singularly ill-suited to solve the major network security problems of today: denial-of-service attacks, website defacement, theft of credit card numbers, identity theft, viruses and worms, DNS attacks, network penetration, and so on. "Recently, I talked to a former NSA employee at a conference. He told me that back in the 1990s, he had a copy of my book Applied Cryptography by his desk, as did many other cryptographers working at Ft. Meade. People were allowed to refer to it, but they were not allowed to cite it. "The 1990s were an important decade for cryptography. This was before the internet went mass market, when cryptography was just emerging from a niche academic discipline to a mainstream engineering one. There wasn't much that programmers could read. The NSA used my book