ReDoS - the security threat that no-one knows about. At least that how it seems, every time I talk to developers about ReDoS and get blank looks. Or when the results of a code audit highlight a bunch of evil regular expressions.

We need to talk about ReDoS. In this post, I’ll explain what ReDoS actually is, and what developers can do about it.