Devdatta Akhawe @frgx
Engineering @figma. Previously, Dropbox and Berkeley Grad Student. Opinions are my own, and mostly wrong. Him/he. Also on @[email protected] devd.me Issaquah, WA Joined February 2009-
Tweets6K
-
Followers4K
-
Following1K
-
Likes8K
Great post! I often talk about how, for modern cloud native teams, infrasec and appsec seem more and more similar. Secure defaults, SAST are both great examples!
Great post! I often talk about how, for modern cloud native teams, infrasec and appsec seem more and more similar. Secure defaults, SAST are both great examples!
Lol; Ferrari CEO figuring out how to turn around the company. Glad to see security teams play such a key role in turning around an iconic brand 😂 (from wsj.com/business/autos… )
Why I am not allowed to go to Costco unaccompanied
Why I am not allowed to go to Costco unaccompanied
HT to someone not on twitter but this is how I feel about all the tools that share number of "bugs" found without FP rates and prioritization help. (Or classic line from @againsthimself : if I don't care about FPs, `cat` is the great static analysis tool for finding all vulns)
This was such a a great interview and makes me wonder: who are the "Ben"s analyzing the security industry? Or even b2b SaaS?
This was such a a great interview and makes me wonder: who are the "Ben"s analyzing the security industry? Or even b2b SaaS?
I wrote up a guide for migration to S3-Intelligent Tiering! Lessons on: 📊analyzing the viability 🦥napkin math cost savings 🦺derisking rollout Pleasantly surprised that the 50% possible savings aren't just marketing! ramimac.me/s3-it
This is explains how the xz backdoor was found
Checkout our (upcoming) paper @TheWebConf 2024 We test if the loose coupling b/w email filtering service (ex. Proofpoint) and host (ex. Gmail) is bypassable. And find 80% of the ~1600 domains (using top 15 filt. serv.) misconfigured, allowing for bypass! sumanthvrao.github.io/papers/rao-www…
Great thread; meanwhile, if you are an engineer trying to QA your mobile app, you are on gen0 or gen -1: emulators and your own personal phones 😭
Great thread; meanwhile, if you are an engineer trying to QA your mobile app, you are on gen0 or gen -1: emulators and your own personal phones 😭
Check out this fantastic deep dive by my colleague @SammySteele14 on how @figma’s databases team tackled the challenges of horizontal sharding to massively scale our infrastructure. A great read and a really innovative approach! bit.ly/49O7Q7D
I remember when I first joined figma I was surprised by the sort of big annual release moment at config — and I’ve come to really appreciate this sort of model because it creates hard conversations around what are the most important things to ship.
I remember when I first joined figma I was surprised by the sort of big annual release moment at config — and I’ve come to really appreciate this sort of model because it creates hard conversations around what are the most important things to ship.
Product security - barking up the wrong tree: lcamtuf.substack.com/p/product-secu… "Your average CISO is losing sleep over this, not over buffer overflows."
An interesting, balanced view on C++ safety by my esteemed colleague @herbsutter: herbsutter.com/2024/03/11/saf…
@matthewdfuller Use this mnemonic: AAAAAAH! Access Advisor Analyzes your api usage. Access Analyzer Advises you on least privilege policies, and Helps you see resource trusts.
Around 2003 in Chile, when the original trilogy of Star Wars began airing on television there, they did this funny thing to avoid cutting to commercial breaks. They stitched the commercials into the films themselves. Here is one of them, with the English dub added in.
Slides for my RingZer0 keynote: docs.google.com/presentation/d…
co-worker asked how I was doing today. yet another third party trying to harvest my data
Adriana Porter Felt @__apf__
65K Followers 946 Following I like writing silly Tweets, but that doesn't pay so I also make @googlechrome. mamá, eng director. volunteer @2ndharvest. 🇺🇸🇨🇷 she/her
lcamtuf (@lcamtuf@inf.. @lcamtuf
35K Followers 494 Following Homepage: https://t.co/iFAXZxCO5H Substack: https://t.co/yFvmNisGW3
Clint Gibler @clintgibler
19K Followers 575 Following 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Brendan Dolan-Gavitt @moyix
25K Followers 6K Following Associate Professor @ NYU Tandon. Security, RE, ML. PGP https://t.co/3WXr0RfRkv Founder of the MESS Lab: https://t.co/zGycrX3Gmn "an orc smiling into the camera" — CLIP
Jason Haddix @Jhaddix
147K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. @arcanuminfosec 18 years hacking + sec leadership. ex:BuddoBot-Ubisoft-Bugcrowd-Fortify-HP-Redspin-Citrix.
Gareth Heyes \u2028 @garethheyes
32K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
Halvar Flake @halvarflake
44K Followers 3K Following I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected] At the moment, for noone.
Dylan Field @zoink
120K Followers 1K Following ceo @figma. likes on twitter = bookmarking, not endorsement
🎻 Eric Lawrence @ericlaw
14K Followers 3K Following Seek first to understand. Impatient optimist. Dad. Zetetic. Author. Speaker. Made Fiddler & SlickRun. 17yrs @ MSFT on web/security. My words are my own. he/him
Leif Dreizler @leifdreizler
2K Followers 2K Following Eng Manager at @semgrep 💻 @locomocosec organizer 🌴 co-host of @404pod 🎙
Kinnaird McQuade 💻.. @kmcquade3
5K Followers 2K Following Founder/CTO @NightVision_inc. Security Researcher, OSS author. Posts on cybersecurity and cloud. Alum @Square, @Salesforce, @Synopsys |🇵🇭🇺🇸
Justin Elze @HackingLZ
52K Followers 5K Following Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Scott Piper @0xdabbad00
18K Followers 327 Following Cloud security historian. Developed https://t.co/ZXFwkuyseC, CloudMapper, and Parliament. Founding team for @fwdcloudsec. Researcher at @wiz_io ✦
Travis McPeak @travismcpeak
3K Followers 1K Following Security, mgmt, startups, investing, 🏋️♂️, 🚵. Founder/CEO @Resourcely prev: @databricks, @netflix; He.
haroon meer @haroonmeer
17K Followers 3K Following Security Geek at Thinkst. We build https://t.co/Sv6Gp3sG6b
Matt Fuller @matthewdfuller
2K Followers 605 Following Hacking on https://t.co/SkhMG1ERKj, https://t.co/jllRuf5yKs. Cloud Security EM @Stripe. Ex-Founder of @CloudSploit_, acquired by @AquaSecTeam. Ex-Adobe.
Marco Lancini @lancinimarco
6K Followers 411 Following 💼 Principal Security Engineer 📚 Writing https://t.co/TrQKzxfnYg 💬 I tweet about Cloud Security and technical leadership ✍🏻 Subscribe to https://t.co/MR69KiF8RH
HackerOne @Hacker0x01
289K Followers 3K Following The only official HackerOne Twitter account. Peace of mind from security's greatest minds. #HackForGood #togetherwehitharder
Neil Matatall @ndm
2K Followers 495 Following
shubs @infosec_au
50K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
Roxana @RoxanaKovaci
528 Followers 255 Following Red Team @Nettitude_Labs | Former Red Team + DFIR @Mandiant @GoogleCloud
Ashutosh Ahelleya @ashutosha_
756 Followers 549 Following Interested in cryptography, security, and privacy These days I just tweet whatever I like Mastodon: [email protected]
Andrew Chen @_awchen
23 Followers 220 Following
Ashraf Harb @ashrafharb97
170 Followers 1K Following @qotoz security researcher on hackerone and bugcrowd https://t.co/4jT842nV4v https://t.co/9gQhbLaAVt
Soila Autio @AutioSoi
30 Followers 5K Following
Habu Umar @habuugml
37 Followers 2K Following News News World News International Music International Music International Music Government Government & Politics
Myriam Scherbel @MyriScherb
48 Followers 5K Following
Sandeep Singh @dhl_sunny
4 Followers 98 Following
Carmela Wolfred @carme_wolfr
37 Followers 5K Following
HOSEIN. YAVARZADEH @hosein_yz
362 Followers 741 Following PhD Student @ucsd_cse, Working on Microarchitecture Security
Miriam Milot @MilotMiria46120
82 Followers 5K Following
Marybelle Chenier @ChenMarybel
54 Followers 5K Following
CRYPTO SHANKAR @s_universe8860
0 Followers 8 Following
Naomi Julius @julius72635
86 Followers 5K Following
Shivani Kumari @Shivani282000
2 Followers 36 Following
Oloruntoba Michael Ak.. @Oloruntobamich
128 Followers 821 Following #CATAMOTO, the biggest new MEME powered by #Tenset will launch at April 19th. Join the CATmunnity and unleash the power of catnip 🌿 https://t.co/zMhNHtPH6C
Sp Saju @spsaju973
14 Followers 21 Following
Aspen Colosimo @AspenColos29547
89 Followers 5K Following
aziz09 @aziz091636365
1 Followers 49 Following
KIV_UTC @kivuAI
55 Followers 367 Following
Pramod Gosavi @pgosavi7056
318 Followers 811 Following Tweet about technology, cybersecurity, data, venture capital, sports, food
Abdullah Hanif @AbdullahHa15079
2 Followers 13 Following
Gggg Gggg @GgggGggg648419
0 Followers 9 Following
Lena Macayan @LenaMacaya8225
80 Followers 5K Following
Dan FinIay @danfinlay
27K Followers 3K Following Purposeful trust maximalist. Building a better web @metamask. https://t.co/Purz5usdcI danfinlay on Github, Keybase, … 🦋https://t.co/VIsUoUnmwt
🏴 Shiv @mahshiiv
53 Followers 753 Following Healing and Growing 🏴 Software Engineer | Professional Cello Beginner
Didarul Islam @didarulilm
15 Followers 128 Following
James Kramer @theJamesKramer
1K Followers 1K Following 🇬🇧 | 28 | Father | 🔈 Speaker Head of HR @uniaptio | Prev @figma , @ScyllaDB , @hedera Building on @Blast_L2 #Bitcoin
Rifat Islam @RifatIslam39453
0 Followers 32 Following
Macie Melstrom @MacMelstr
62 Followers 5K Following
Salah Khawad @KhawadSalah
610 Followers 3K Following
Ayyan @Ayyan292543
0 Followers 12 Following
sharwan kumar @sharwankum9108
9 Followers 92 Following
ام الحسين @AlhusaynAm42618
2 Followers 52 Following
Sumanth Rao @sumanthvrao
100 Followers 542 Following PhD candidate at UC San Diego @ucsd_cse | Doing research in all things (not) secure and private. He/Him
MD YAsin @MDYAsin541476
0 Followers 62 Following
محمد قاسم @Mohkasem029
33 Followers 95 Following
Abubakar Muhammad sur.. @AbubakarMS260
4 Followers 113 Following
yamna @yamna9430125108
2 Followers 43 Following
yasir Rabbani @Rabba2560Yasir
3 Followers 72 Following
afsar howlader1 @AfsarHowla33662
113 Followers 776 Following
Md abdur rahman @Mdabdurrah98842
3 Followers 44 Following
Батя Говори.. @BataGovori44414
2 Followers 40 Following
Adriana Porter Felt @__apf__
65K Followers 946 Following I like writing silly Tweets, but that doesn't pay so I also make @googlechrome. mamá, eng director. volunteer @2ndharvest. 🇺🇸🇨🇷 she/her
lcamtuf (@lcamtuf@inf.. @lcamtuf
35K Followers 494 Following Homepage: https://t.co/iFAXZxCO5H Substack: https://t.co/yFvmNisGW3
Clint Gibler @clintgibler
19K Followers 575 Following 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Brendan Dolan-Gavitt @moyix
25K Followers 6K Following Associate Professor @ NYU Tandon. Security, RE, ML. PGP https://t.co/3WXr0RfRkv Founder of the MESS Lab: https://t.co/zGycrX3Gmn "an orc smiling into the camera" — CLIP
Gareth Heyes \u2028 @garethheyes
32K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
Alex Stamos @alexstamos
98K Followers 2K Following You can find me at: https://t.co/Enct5hx8bS https://t.co/CuE5u72rhW
Halvar Flake @halvarflake
44K Followers 3K Following I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected] At the moment, for noone.
Dylan Field @zoink
120K Followers 1K Following ceo @figma. likes on twitter = bookmarking, not endorsement
🎻 Eric Lawrence @ericlaw
14K Followers 3K Following Seek first to understand. Impatient optimist. Dad. Zetetic. Author. Speaker. Made Fiddler & SlickRun. 17yrs @ MSFT on web/security. My words are my own. he/him
Leif Dreizler @leifdreizler
2K Followers 2K Following Eng Manager at @semgrep 💻 @locomocosec organizer 🌴 co-host of @404pod 🎙
Phil Venables @philvenables
12K Followers 694 Following Tweets about cybersecurity, resilience & enterprise risk - at scale. CISO - Google Cloud + 3 x CISO (25 yrs), Board Director, Chief Risk Officer Tweets=own.
Kinnaird McQuade 💻.. @kmcquade3
5K Followers 2K Following Founder/CTO @NightVision_inc. Security Researcher, OSS author. Posts on cybersecurity and cloud. Alum @Square, @Salesforce, @Synopsys |🇵🇭🇺🇸
Scott Piper @0xdabbad00
18K Followers 327 Following Cloud security historian. Developed https://t.co/ZXFwkuyseC, CloudMapper, and Parliament. Founding team for @fwdcloudsec. Researcher at @wiz_io ✦
Julien | MrTuxracer �.. @MrTuxracer
30K Followers 418 Following Freelancer | Full-time #BugBounty | @Hacker0x01 H1-Elite & $1,500,000 Hacker | ❤️ IDA Pro
haroon meer @haroonmeer
17K Followers 3K Following Security Geek at Thinkst. We build https://t.co/Sv6Gp3sG6b
Matt Fuller @matthewdfuller
2K Followers 605 Following Hacking on https://t.co/SkhMG1ERKj, https://t.co/jllRuf5yKs. Cloud Security EM @Stripe. Ex-Founder of @CloudSploit_, acquired by @AquaSecTeam. Ex-Adobe.
Marco Lancini @lancinimarco
6K Followers 411 Following 💼 Principal Security Engineer 📚 Writing https://t.co/TrQKzxfnYg 💬 I tweet about Cloud Security and technical leadership ✍🏻 Subscribe to https://t.co/MR69KiF8RH
Sho Kuwamoto @skuwamoto
25K Followers 679 Following VP of Product for the @figma editor. Also at https://t.co/b4a0PYhJ28, @[email protected] or @skuwamoto.bsky.social
Farah Hawa @Farah_Hawaa
44K Followers 843 Following security analyst @fbsecurity | part-time bug hunter | content creator | she/her | views = mine
Katie Deighton @DollyDeighton
8K Followers 4K Following I write, I read, I wear gold hoop earrings. Reporting on all things advertising and design for the @WSJ; forever perfecting my blowdry and Desert Island Discs.
Katie Greifeld @kgreifeld
95K Followers 2K Following markets & macro @business, anchor of 10am ET and ETF IQ on @bloombergtv. @haverfordedu / @columbiajourn alum. ktkaos on Insta/Threads. Opinions mine.
Amy Buechler @amybue
2K Followers 586 Following The Founder Coach. I help founders scale themselves. prev @ycombinator Batch Director and in-house Founder Coach. Licensed psychotherapist.
Darknet Diaries @DarknetDiaries
121K Followers 1 Following True stories from the dark side of the Internet. Host @jackrhysider. New episodes released on the first Tuesday of each month. Discord: https://t.co/bZZRR8C59R
Aaron Douglas @astralbodies
2K Followers 1K Following Engineering Lead @Figma. Ex @Shopify, @Automattic. Author for @kodeco, 🏳️🌈, ADHD, 🧙, remote work, runner. Occasional DJ.
Elizabeth Threlkeld @ethrelkeld
7K Followers 3K Following Senior Fellow+Director, South Asia @stimsoncenter. Former diplomat @statedept. @heartlandhelps, @cambridge_uni, @swarthmore alum. Views my own.
Julia DeWahl @juliadewahl
16K Followers 1K Following Co-founder & President of Antares. Age of Miracles Season 1 co-host. Angel investor. Formerly Starlink @ SpaceX and Opendoor.
Mae Milano @mbpmilano
2K Followers 603 Following @PrincetonCS Assistant Professor. I build Programming Languages for Distributed Systems! @mpmilano.bsky.social
Patrick McKenzie @patio11
164K Followers 796 Following I work for the Internet and am an advisor to @stripe. These are my personal opinions unless otherwise noted.
Katherine Zimmerman @KatieZimmerman
10K Followers 612 Following Focus on global Salafi-jihadi movement, all things al Qaeda. Going beyond counterterrorism to win. Watching Yemen, Africa
Dylan @InsecureNature
3K Followers 222 Following Security researcher, public speaker and founder. Forbes 30 Under 30 Truffle Security @trufflesec https://t.co/vxEH7Cftbg Prev @Netflix
shh @worldwise001
5K Followers 4K Following 🇲🇾/🇨🇦. she/her. director of security engineering, former GDPR engineer. food, accordions, and cats. retro+embedded hobbyist hacker. adhd/neurodiverse.
ellie schnitt! @holy_schnitt
556K Followers 593 Following (e)girl next door• https://t.co/jHrUCSZWSj• podcaster!! • she/her • IG: ellie_schnitt • business inquiries: @unitedtalent [email protected]
Arynn Crow @arynncrow
716 Followers 288 Following Sr. Manager User Authentication Product @awsidentity, Board & Exec Council emeritus @fidoalliance. PoliSci ⏭ IAM. Opinions are my dog's.
Laura Wendel @Lauramaywendel
34K Followers 976 Following Startup Founder & Software Engineer • App in the making • Bookworm •
Sam Dalrymple @SamDalrymple123
4K Followers 127 Following
Antoine Levy @LevyAntoine
12K Followers 2K Following 🇫🇷 economist @BerkeleyHaas. Economics, literature, football (yeah, sure, "soccer"), and politics. Views are my own - at least, pre-tax.
Jerry Colonna @jerrycolonna
17K Followers 2K Following Coach and CEO @RebootHQ. My new book, Reunion: Leadership and the Longing to Belong, is available now.
Daryl Fairweather ⛅ @FairweatherPhD
23K Followers 3K Following Chief economist @Redfin🏡, author of HATE THE GAME📕 (April 2025 @UChicagoPress), @Forbes contributor ✍🏽, Mama👦🏽👧🏽, Funkateer🛸🎶, @UChicago & @MIT alum
Laura Paine @lauraleapaine
933 Followers 667 Following 🤖Director, Product Marketing, AI @ GitHub ✨ I have a lot of opinions and they’re all mine ✨ She/Her
City of Sammamish @CityofSammamish
5K Followers 643 Following Official Twitter of the City of #Sammamish. Incorporated 1999.
Alexandra Hudson @LexiOHudson
37K Followers 34K Following Author of The Soul of Civility: Timeless Principles to Heal Society and Ourselves published by @StMartinsPress & available everywhere NOW! 📚🎉🍾
Lauryn Motamedi (Isfo.. @laurynmotamedi
4K Followers 687 Following Head of Product Growth @NotionHQ fmrly @Airtable. Angel Investor & Advisor.
Stephan Pfistner @Mr_Disconnect
140 Followers 365 Following data security, app sec, network security, currently @Figma, ex-@Plaid, ex-@Google
Cleo Abram @cleoabram
49K Followers 989 Following Video journalist making Huge If True. optimist. https://t.co/EI32Qgtigc + https://t.co/5XonR9ycgn + https://t.co/zhjyLwlhnC. previously: Vox. subscribe 👇
Mackenzie Hawkins @mackhawk
4K Followers 1K Following I cover strategic tech, industrial policy & geopolitics for @business/@technology. Talk to me about the chip war: [email protected]/DM for Signal
Reade Pickert @readep
3K Followers 966 Following Federal Reserve editor, deputy team leader at Bloomberg News | opinions are my own | [email protected] or @readepickert on Instagram
Allison Pohle @AllisonPohle
5K Followers 2K Following Travel reporter for @WSJ. Writer. Dress Wearer. Clevelander still not over Game 7 of the 2016 NBA finals. She/her.
Jessica Karl @jkarl26
2K Followers 830 Following 📨 writes a newsletter for @opinion and has thoughts on 🧵https://t.co/om9UYS4JNH
nic nguyen @nicnguyen
14K Followers 2K Following @wsj personal tech columnist / [email protected] / dms open / nic.ngu on threads
Ally Nisenoff @ANisenoff
159 Followers 206 Following CMU Societal Computing PhD Student. @nsfgrfp fellow. @UChicago ‘21 CS and Astrophysics. she/her
Martin Fowler @martinfowler
355K Followers 221 Following Author on Software Development. Works for Thoughtworks. Also hikes, watches theater, and plays modern board games. He/him. @[email protected]
mmurph @mmurph
5K Followers 417 Following @MenloVentures invest in AI 1st Infra & SaaS @cartainc @benchling @harnessio @anthropicai @typefaceai @clarifai @cleanlabai Airbase, Envoy, Zylo, Vivun, Egnyte
Grace Ge @gracewenge
669 Followers 405 Following “all is fair in love & tech”. partner @amplifypartners
Amelia Wattenberger �.. @Wattenberger
31K Followers 5K Following design, LLMs, web dev, data viz, tools for thought ✨ R&D @GitHubNext, previously design @AdeptAILabs
Hannah @HEchenoz
1K Followers 369 Following Researcher & Faculty @UCBerkeley @CISPA @LIGLab @Inria @ncataggies;Alum @Columbia. NetSys| Wireless |5G| XR | HCI | Edge |Comp. Linguist |RL. Twin: @HaniaBP
Elynn Lee @elynnimator
811 Followers 744 Following Product Manager @Figma, previously @Opendoor and @Quora || @playcrosswordle @CodenamesGPT on the weekends
@[email protected] �.. @_msw_
13K Followers 5K Following Socio-technical Systems Engineer at Amazon | Free and Open Source Advocate | he/him/they/them | Opinions: my own | https://t.co/qdvk841Qfr
Brian Albrecht @BrianCAlbrecht
26K Followers 2K Following Applied economic theorist: competition and information. Chief Economist @LawEconCenter 📝Price Theory Newsletter https://t.co/1S7TB6ANUP
Dave Martin @sl1nki3283
12 Followers 75 Following
My home office isn’t as tidy as it was before the baby came.
Beautiful evening on the north Washington coast. It's also National Garlic Day. So, you know, either way, it's probably not a great day for vampires. #wawx
@zachlloydtweets Related: why do you always want gift cards?
@mustach_io @frgx These stores have great social engineering skills to scam men.
@frgx Same... my kids harangue me when we go to the grocery store. I buy far less ... when they are there.
@frgx Hear me out -- I think anyone with an eye for a good deal would have done the same. I definitely would have. Snag the deal now, figure out 44lbs of parmesan cheese later makes a LOT of sense to me.
Cool to see @sawaba & @txs covering my article on customer love (w/ @rosshaleliuk) over on @SecWeekly They add some great points: * A big factor is a charismatic founder * Another is good product design
my first thought when I saw @figma's sidebar showing component code was, "I really hope they add a way for devs to write the code that's displayed there" — and today they launched that functionality! watch Jake give us a whirlwind tour of how it works
Just submitted my ✨ new research to Black Hat USA #BHUSA, and it's all about Web Security this time! Hoping the US will approve my VISA this year, giving me the chance to back to the stage again! :/ @BlackHatEvents
Notice how much more interesting the world gets when it goes through a good artist's head.
Watercolour & location, Richens Orchard. #watercolour
after 24 years, 12 seasons and 120 episodes, CURB YOUR ENTHUSIASM has officially concluded
@frgx I’d do it, but I’m still trying to figure out what an aggregator is.
I've been reading @stratechery for nearly two years and I still don't know WTF an aggregator is.
📚 tl;dr sec 225 😈 xz backdoor @_rsc @jack_naglieri @frgx @amlweems @AminovDanielle 📺 Interview with GitHub CSO @_mph4 🗒️ @SpecterOps SO-CON 2024 slides 🤖 Applying AI to security @DanielMiessler @fr0gger_ 🛡️ @discord's OSS authz portal @itspeterc tldrsec.com/p/tldr-sec-225
@frgx huge fan of the nanoprocess work the wasm components folks are doing for this reason!
@frgx Nice! Will queue up this to watch. What is so nice about pledge compared to for example Landlock is how easy it is to use, making it more likely to actually be used
I think the most important lesson from the xz incident is that if you're losing an online argument about the quality of your open-source project, you can now safely accuse the opponents of being state-sponsored sock puppets and drop the mic
Why should a potentially backdoored library like xz be able to invoke any system command? **It shouldn't.** That's why we @CISPA built a library isolation system "Cali" that allows fine-grained per-lib privileges: github.com/cali-library-i… (@MarkusBauer_mkb kudos). Start using it!
As wary as I am about tweeting anything, my hot take on xz is that first class isolation/capabilities support for deps is a much better solution than sbom; supply chain regulations; upgrading or not upgrading your deps; static analysis; dynamic analysis or whatever.
Trends for United States
You might like
