Scott Helme
-
CVE-2025-49844 - The Redis CVSS 10.0 vulnerability and how we responded
We're very public and open about our infrastructure at Report URI, having written many blog posts about how we process billions of telemetry events every single week. As a result, it's no secret that we use Redis quite heavily across our infrastructure, and some have asked
-
Capture JavaScript Integrity Metadata using CSP!
Today we're announcing the open beta of a brand new and incredibly powerful feature on the Report URI platform, CSP Integrity! Having the ability to collect integrity metadata for scripts running on your site opens up a whole new realm of possibilities, and it couldn't be
-
We're going High Availability with Redis Sentinel!
We've just deployed some mega updates to our infrastructure at Report URI that will give us much more resilience in the future, allow us to apply updates to our servers even faster, and will probably go totally unnoticed from the outside! Our previous Redis setup I've
-
Automation improvements after a Tesla Powerwall outage!
So, a weird thing happened over the last couple of days, and my Tesla Powerwalls weren't working properly, or, at all, actually... What's even more strange is that Tesla has been completely silent about this and hasn't made a single announcement about the issue
-
OWASP ASVS 5.0.0 is here!
I've been a huge fan of OWASP for a very long time, having spoken at their conferences, contributed to their projects, consumed many of their resources and met some really awesome people along the way! Just recently, one of the very popular OWASP projects, the Application Security Verification
-
Trillion with a T: Surpassing 2 Trillion Events Processed!🚀🚀
We’ve just passed a monumental milestone: 2 trillion events processed through Report URI!!! That’s 2,000,000,000,000 events for CSP, NEL, DMARC, and other browser-generated and email telemetry reports—ingested, parsed, and processed for our customers! This is a phenomenal milestone to achieve
-
V2: Hacking my Tesla Powerwalls to be the ultimate home energy solution!
In my first blog post about hacking my Tesla Powerwalls, I laid out all of the foundations and information about my home energy setup. You really need to read that blog post first as I'm going to be building on all of that work here, and assuming that
-
Shorter certificates are coming!
Well, I was certainly hoping for this result, but wasn't necessarily expecting it! I'm pleased to report that Ballot SC-081v3 passed, and that shorter certificate lifetimes are now coming! The Schedule I will go into more detail later in the post, but right now, let'
-
Hacking my Tesla Powerwalls to be the ultimate home energy solution!
I've had solar and batteries at home for quite some time now, and despite my experience with them being really awesome, there were a few little things that were bugging me. Using systems from various different suppliers doesn't always provide the perfect integration, so I hacked
-
PCI DSS FAQ SAQ WTF BBQ...
I was trying to come up with a sensible title for this blog post, but I feel this one mirrors the thoughts and feelings of many of us about recent events in the PCI DSS compliance space! There have been some significant changes in recent weeks, and with just 18
-
Report URI: Launching Policy Watch and other improvements!
As we continue to expand and improve our offering, one particular area of focus over recent months has been on PCI DSS Compliance. Whilst 'compliance' might not be the first thing that many get excited about, the recent requirements introduced by the PCI SSC required some pretty solid
-
Let's Encrypt to offer 6-day certificates!
Continuing their trend of radical change for the better, Let's Encrypt have announced that, this year, you will be able to request certificates with a validity period of only 6 days! Let's Encrypt I remember sitting in the room for this DEF CON 23 panel discussion
-
Updating to Pi-hole v6 and enabling HTTPS!
I first deployed my Pi-hole back in 2018 and ever since then, I've never looked back! Pi-hole have just dropped a pretty major update and, of course, I wanted to get HTTPS up and running on the Web UI like I had before. Pi-hole v6 I won'
-
Stronger Than Ever: How We Turned a DDoS Attack Into a Lesson in Resilience
Operating an online service like Report URI, it comes with the territory. The ever present threat of attack is something we are fully aware of, and prepare for as best we can. Being the regular subject of attacks, mostly handled by our robust systems and automated defences, these attacks mostly
-
Let's Encrypt to end OCSP support in 2025
Well, the writing has been on the wall for some years now, arguably over a decade, but the time has finally come where the largest CA in the World is going to drop support for the Online Certificate Status Protocol. What is OCSP? The Online Certificate Status Protocol is a