Devdatta Akhawe @frgx
Engineering @figma. Previously, Dropbox and Berkeley Grad Student. Opinions are my own, and mostly wrong. Him/he. Also on @[email protected] devd.me Issaquah, WA Joined February 2009
Tweets 6K, Followers 4K, Following 1K, Likes 8K
Great post! I often talk about how, for modern cloud native teams, infrasec and appsec seem more and more similar. Secure defaults, SAST are both great examples!
Lol; Ferrari CEO figuring out how to turn around the company. Glad to see security teams play such a key role in turning around an iconic brand 😂 (from wsj.com/business/autos… )
Why I am not allowed to go to Costco unaccompanied
HT to someone not on twitter but this is how I feel about all the tools that share number of "bugs" found without FP rates and prioritization help. (Or classic line from @againsthimself : if I don't care about FPs, `cat` is the great static analysis tool for finding all vulns)
This was such a great interview and makes me wonder: who are the "Ben"s analyzing the security industry? Or even b2b SaaS?
I wrote up a guide for migration to S3-Intelligent Tiering! Lessons on: 📊analyzing the viability 🦥napkin math cost savings 🦺derisking rollout Pleasantly surprised that the 50% possible savings aren't just marketing! ramimac.me/s3-it
This explains how the xz backdoor was found
Checkout our (upcoming) paper @TheWebConf 2024 We test if the loose coupling b/w email filtering service (ex. Proofpoint) and host (ex. Gmail) is bypassable. And find 80% of the ~1600 domains (using top 15 filt. serv.) misconfigured, allowing for bypass! sumanthvrao.github.io/papers/rao-www…
Great thread; meanwhile, if you are an engineer trying to QA your mobile app, you are on gen0 or gen -1: emulators and your own personal phones 😭
Check out this fantastic deep dive by my colleague @SammySteele14 on how @figma’s databases team tackled the challenges of horizontal sharding to massively scale our infrastructure. A great read and a really innovative approach! bit.ly/49O7Q7D
I remember when I first joined figma I was surprised by the sort of big annual release moment at config — and I’ve come to really appreciate this sort of model because it creates hard conversations around what are the most important things to ship.
Product security - barking up the wrong tree: lcamtuf.substack.com/p/product-secu… "Your average CISO is losing sleep over this, not over buffer overflows."
An interesting, balanced view on C++ safety by my esteemed colleague @herbsutter: herbsutter.com/2024/03/11/saf…
@matthewdfuller Use this mnemonic: AAAAAAH! Access Advisor Analyzes your api usage. Access Analyzer Advises you on least privilege policies, and Helps you see resource trusts.
Around 2003 in Chile, when the original trilogy of Star Wars began airing on television there, they did this funny thing to avoid cutting to commercial breaks. They stitched the commercials into the films themselves. Here is one of them, with the English dub added in.
Slides for my RingZer0 keynote: docs.google.com/presentation/d…
co-worker asked how I was doing today. yet another third party trying to harvest my data
Beautiful evening on the north Washington coast. It's also National Garlic Day. So, you know, either way, it's probably not a great day for vampires. #wawx
@zachlloydtweets Related: why do you always want gift cards?
@mustach_io @frgx These stores have great social engineering skills to scam men.
@frgx Same... my kids harangue me when we go to the grocery store. I buy far less ... when they are there.
@frgx Hear me out -- I think anyone with an eye for a good deal would have done the same. I definitely would have. Snag the deal now, figure out 44lbs of parmesan cheese later makes a LOT of sense to me.
Cool to see @sawaba & @txs covering my article on customer love (w/ @rosshaleliuk) over on @SecWeekly They add some great points: * A big factor is a charismatic founder * Another is good product design
my first thought when I saw @figma's sidebar showing component code was, "I really hope they add a way for devs to write the code that's displayed there" — and today they launched that functionality! watch Jake give us a whirlwind tour of how it works
Just submitted my ✨ new research to Black Hat USA #BHUSA, and it's all about Web Security this time! Hoping the US will approve my VISA this year, giving me the chance to get back to the stage again! :/ @BlackHatEvents
Notice how much more interesting the world gets when it goes through a good artist's head.
Watercolour & location, Richens Orchard. #watercolour
after 24 years, 12 seasons and 120 episodes, CURB YOUR ENTHUSIASM has officially concluded
@frgx I’d do it, but I’m still trying to figure out what an aggregator is.
I've been reading @stratechery for nearly two years and I still don't know WTF an aggregator is.
📚 tl;dr sec 225 😈 xz backdoor @_rsc @jack_naglieri @frgx @amlweems @AminovDanielle 📺 Interview with GitHub CSO @_mph4 🗒️ @SpecterOps SO-CON 2024 slides 🤖 Applying AI to security @DanielMiessler @fr0gger_ 🛡️ @discord's OSS authz portal @itspeterc tldrsec.com/p/tldr-sec-225
@frgx huge fan of the nanoprocess work the wasm components folks are doing for this reason!
@frgx Nice! Will queue up this to watch. What is so nice about pledge compared to for example Landlock is how easy it is to use, making it more likely to actually be used
I think the most important lesson from the xz incident is that if you're losing an online argument about the quality of your open-source project, you can now safely accuse the opponents of being state-sponsored sock puppets and drop the mic
Why should a potentially backdoored library like xz be able to invoke any system command? **It shouldn't.** That's why we @CISPA built a library isolation system "Cali" that allows fine-grained per-lib privileges: github.com/cali-library-i… (@MarkusBauer_mkb kudos). Start using it!
As wary as I am about tweeting anything, my hot take on xz is that first class isolation/capabilities support for deps is a much better solution than sbom; supply chain regulations; upgrading or not upgrading your deps; static analysis; dynamic analysis or whatever.