Machine Learning Appsec testing – http://www.slideshare.net/babaroa/code-blue-2016-method-of-detecting-vulnerability-in-web-apps
Mozilla doesn’t trust Ernst & Young audits of CAs – https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/