fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

8.7K
active users

#secdevops

0 posts0 participants0 posts today
Walker<p>Software Supply Chain npm package compromise.</p><p>July 18, reported eslint-config-prettier npm package was modified to include info stealing node-gyp.dll (c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441)</p><p>Highlighting the ongoing threat to package security and software development. </p><p><a href="https://www.stepsecurity.io/blog/supply-chain-security-alert-eslint-config-prettier-package-shows-signs-of-compromise" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">stepsecurity.io/blog/supply-ch</span><span class="invisible">ain-security-alert-eslint-config-prettier-package-shows-signs-of-compromise</span></a></p><p><a href="https://infosec.exchange/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>python</span></a> <a href="https://infosec.exchange/tags/SoftwareSupplyChains" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoftwareSupplyChains</span></a> <a href="https://infosec.exchange/tags/softwaredevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>softwaredevelopment</span></a> <a href="https://infosec.exchange/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a></p>
Jaypee<p>A little writeup about Agentic Secdevops.</p><p><a href="https://drjpsoftware.blogspot.com/2025/05/is-agentic-secdevops-for-you.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">drjpsoftware.blogspot.com/2025</span><span class="invisible">/05/is-agentic-secdevops-for-you.html</span></a></p><p><a href="https://mastodon.drjpdns.com/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://mastodon.drjpdns.com/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a> <a href="https://mastodon.drjpdns.com/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://mastodon.drjpdns.com/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a> <a href="https://mastodon.drjpdns.com/tags/copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>copilot</span></a></p>
Chema Alonso :verified:<p>El lado del mal - Cómo servir modelos de ML e IA (LLMs) en Kubernetes con KServe: Autoscaling Inteligente y Eficiencia en GPU <a href="https://www.elladodelmal.com/2025/04/como-servir-modelos-de-ml-e-ia-llms-en.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">elladodelmal.com/2025/04/como-</span><span class="invisible">servir-modelos-de-ml-e-ia-llms-en.html</span></a> <a href="https://ioc.exchange/tags/IA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IA</span></a> <a href="https://ioc.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://ioc.exchange/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a> <a href="https://ioc.exchange/tags/InteligenciaArtificial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InteligenciaArtificial</span></a> <a href="https://ioc.exchange/tags/SecDevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecDevOps</span></a> <a href="https://ioc.exchange/tags/Axebow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Axebow</span></a> <a href="https://ioc.exchange/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a> <a href="https://ioc.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://ioc.exchange/tags/MachineLearning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MachineLearning</span></a> <a href="https://ioc.exchange/tags/ML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ML</span></a></p>
Melroy van den Berg<p><a href="https://mastodon.melroy.org/tags/Oracle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Oracle</span></a> Cloud is hacked. Another reason why I do not use the <a href="https://mastodon.melroy.org/tags/cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloud</span></a> :)</p><p><a href="https://techcrunch.com/2025/03/31/oracle-under-fire-for-its-handling-of-separate-security-incidents/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">techcrunch.com/2025/03/31/orac</span><span class="invisible">le-under-fire-for-its-handling-of-separate-security-incidents/</span></a></p><p><a href="https://mastodon.melroy.org/tags/oraclecloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oraclecloud</span></a> <a href="https://mastodon.melroy.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.melroy.org/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a></p>
F. Maury ⏚<p>Pour celles et ceux qui préfèrent lire mon nouvel épisode de podcast, le transcript est disponible : </p><p><a href="https://pod.broken-by-design.fr/@yakafokon/episodes/comment-ne-pas-etre-dans-le-secret-des-dieux/transcript" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">pod.broken-by-design.fr/@yakaf</span><span class="invisible">okon/episodes/comment-ne-pas-etre-dans-le-secret-des-dieux/transcript</span></a></p><p>Alors ? Convaincus de migrer vers une approche où les ops ne connaissent aucun secret ?</p><p><a href="https://infosec.exchange/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
F. Maury ⏚<p>How do your apps/servers authenticate to your secret manager (e.g. <a href="https://infosec.exchange/tags/Vault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vault</span></a>) if you use one?</p><p>Boosts are apprecieted</p><p><a href="https://infosec.exchange/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://infosec.exchange/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/secret" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secret</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
F. Maury ⏚<p>Faisant suite au sondage sur vos pratiques pour la gestion des secrets (<a href="https://infosec.exchange/@x_cli/113402280041462938" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@x_cli/113402</span><span class="invisible">280041462938</span></a>) j'ai pas mal bossé, et vous savez quoi ? Je suis pas d'accord avec vous :D</p><p>Dans mon prochain épisode de podcast sur la gestion des secrets, non seulement je ne vais pas recommander d'utiliser Vault (ou autre secret manager), mais je vais même déconseiller de le faire 🤯 au profit d'une méthode plus sécurisée !</p><p>Ce teasing :D</p><p><a href="https://infosec.exchange/tags/podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podcast</span></a> <a href="https://infosec.exchange/tags/yakafokon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yakafokon</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a> <a href="https://infosec.exchange/tags/vault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vault</span></a></p>
Larvitz :fedora: :redhat:<p><a href="https://burningboard.net/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://burningboard.net/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a> <a href="https://burningboard.net/tags/cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloud</span></a> <a href="https://burningboard.net/tags/humor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>humor</span></a></p>
ITSEC News<p>Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple - Tanya Janca of the group We Hack Purple, talks with Security Ledger host Paul Robe... <a href="https://feeds.feedblitz.com/~/797526818/0/thesecurityledger~Episode-DevSecOps-Worst-Practices-With-Tanya-Janca-of-We-Hack-Purple/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">feeds.feedblitz.com/~/79752681</span><span class="invisible">8/0/thesecurityledger~Episode-DevSecOps-Worst-Practices-With-Tanya-Janca-of-We-Hack-Purple/</span></a> <a href="https://schleuss.online/tags/applicationdevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>applicationdevelopment</span></a> <a href="https://schleuss.online/tags/applicationsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>applicationsecurity</span></a> <a href="https://schleuss.online/tags/penetrationtesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>penetrationtesting</span></a> <a href="https://schleuss.online/tags/hacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacks</span></a>&amp;hackers <a href="https://schleuss.online/tags/wehackpurple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wehackpurple</span></a> <a href="https://schleuss.online/tags/purpleteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>purpleteam</span></a> <a href="https://schleuss.online/tags/topstories" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>topstories</span></a> <a href="https://schleuss.online/tags/tanyajanca" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tanyajanca</span></a> <a href="https://schleuss.online/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devsecops</span></a> <a href="https://schleuss.online/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a> <a href="https://schleuss.online/tags/spotlight" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spotlight</span></a> <a href="https://schleuss.online/tags/podcasts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podcasts</span></a> <a href="https://schleuss.online/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>software</span></a> <a href="https://schleuss.online/tags/podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podcast</span></a> <a href="https://schleuss.online/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a></p>
Chema Alonso :verified:<p>El lado del mal - Developer: GitHub Copilot &amp; Amazon CodeWhisperer pueden filtrar tus API Keys &amp; Secrets <a href="https://www.elladodelmal.com/2023/09/github-copilot-amazon-codewhisperer.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">elladodelmal.com/2023/09/githu</span><span class="invisible">b-copilot-amazon-codewhisperer.html</span></a> <a href="https://ioc.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> <a href="https://ioc.exchange/tags/CodeWhisperer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CodeWhisperer</span></a> <a href="https://ioc.exchange/tags/Amazon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Amazon</span></a> <a href="https://ioc.exchange/tags/Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Copilot</span></a> <a href="https://ioc.exchange/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a> <a href="https://ioc.exchange/tags/IA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IA</span></a> <a href="https://ioc.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://ioc.exchange/tags/Leakeage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Leakeage</span></a> <a href="https://ioc.exchange/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>API</span></a> <a href="https://ioc.exchange/tags/Secrets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Secrets</span></a> <a href="https://ioc.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://ioc.exchange/tags/SecDevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecDevOps</span></a></p>
Recon InfoSec<p>We're hiring a Senior DevOps Engineer to join our awesome team!</p><ul><li>Fully remote</li><li>Competitive pay</li><li>Great benefits</li><li>Awesome mission</li></ul><p><a href="https://www.reconinfosec.com/careers/" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="">reconinfosec.com/careers/</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/hiring" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hiring</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://infosec.exchange/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a></p>
hellosct1@mamot.fr<p>Sensible à la <a href="https://mamot.fr/tags/securite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securite</span></a> <a href="https://mamot.fr/tags/cybersecurite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurite</span></a> <a href="https://mamot.fr/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devsecops</span></a> <a href="https://mamot.fr/tags/secops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secops</span></a> <a href="https://mamot.fr/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a> <a href="https://mamot.fr/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mamot.fr/tags/pirate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pirate</span></a> Alors ce meetup <span class="h-card"><a href="https://mamot.fr/@lizard" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lizard</span></a></span> est pour vous <a href="https://www.meetup.com/fr-FR/lizard_secu/events/294032860/" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">meetup.com/fr-FR/lizard_secu/e</span><span class="invisible">vents/294032860/</span></a></p>
hellosct1@mamot.fr<p>Les données sensibles dans la <a href="https://mamot.fr/tags/cybersecurite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurite</span></a> sera le fil rouge du meetup <span class="h-card"><a href="https://mamot.fr/@lizard" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lizard</span></a></span> Un joli programme à découvrir <a href="https://mamot.fr/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devsecops</span></a> <a href="https://mamot.fr/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a> <a href="https://mamot.fr/tags/secops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secops</span></a> <a href="https://mamot.fr/@lizard/110519203310933983" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mamot.fr/@lizard/1105192033109</span><span class="invisible">33983</span></a></p>
Doyensec<p>Need help securing <a href="https://infosec.exchange/tags/ImageMagick" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ImageMagick</span></a> against the arbitrary file read described in CVE-2022-44268? The pictured policy change can mitigate it for you.</p><p>For more recommendations on hardening your security policies check out our free tool at: <br><a href="https://imagemagick-secevaluator.doyensec.com" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">imagemagick-secevaluator.doyen</span><span class="invisible">sec.com</span></a></p><p><a href="https://infosec.exchange/tags/doyensec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>doyensec</span></a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>appsec</span></a> <a href="https://infosec.exchange/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a> <a href="https://infosec.exchange/tags/securityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityresearch</span></a></p>
Chema Alonso :verified:<p>El lado del mal - V Edición BootCamp Online de DevOps &amp; DevSecOps en GeeksHubs Academy <a href="https://www.elladodelmal.com/2023/01/v-edicion-bootcamp-online-de-devops.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">elladodelmal.com/2023/01/v-edi</span><span class="invisible">cion-bootcamp-online-de-devops.html</span></a> <a href="https://ioc.exchange/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a> <a href="https://ioc.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://ioc.exchange/tags/SecDevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecDevOps</span></a> <a href="https://ioc.exchange/tags/formacion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>formacion</span></a> <a href="https://ioc.exchange/tags/hackyourcareer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hackyourcareer</span></a> <a href="https://ioc.exchange/tags/cursos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cursos</span></a></p>
Jeremy<p>Requesting some community help, I'm looking for some data/articles introducing a <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/IaC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IaC</span></a> pipeline. This would allow cybersecurity to apply IaC security features like Azure NSG/Policy etc. instead of allowing <a href="https://infosec.exchange/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a> to open their own ports etc. I want to prevent cybersecurity from slowing things down but also want cybersecurity to have some control. Anyone have any good data on this to back me up? <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/SecDevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecDevOps</span></a></p>
Jay Thoden van Velzen ☁️​🛡️​:lolsob:<p>I often talk about SecDevOps - a DevOps approach to security operations, with rapid iterations, a focus on scale and automation, and responsive to the community of developer/DevOps teams we serve with scans, alerts, or other findings.</p><p>Aside from the ability for SecOps teams to transform their operations for the cloud, this also helps align teams to the pace and agility of developer teams following a DevSecOps approach, and therefore better support them during the service lifecycle as they herd the cattle.</p><p>Security can only be a successful enabler for developer teams in <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudsecurity</span></a> if we meet those we support where they are and synchronize our frequencies. </p><p><a href="https://infosec.exchange/tags/sharedfate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sharedfate</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a></p>
ITSEC News<p>Episode 248: GitHub’s Jill Moné-Corallo on Product Security And Supply Chain Threats - In this episode of the Security Ledger Podcast, Paul speaks with Jill Moné-Corallo... <a href="https://feeds.feedblitz.com/~/723575006/0/thesecurityledger~Episode-GitHub%e2%80%99s-Jill-Mon%c3%a9Corallo-on-Product-Security-And-Supply-Chain-Threats/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">feeds.feedblitz.com/~/72357500</span><span class="invisible">6/0/thesecurityledger~Episode-GitHub%e2%80%99s-Jill-Mon%c3%a9Corallo-on-Product-Security-And-Supply-Chain-Threats/</span></a> <a href="https://schleuss.online/tags/applicationdevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>applicationdevelopment</span></a> <a href="https://schleuss.online/tags/leftshiftedsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>leftshiftedsecurity</span></a> <a href="https://schleuss.online/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://schleuss.online/tags/applecomputer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>applecomputer</span></a> <a href="https://schleuss.online/tags/topstories" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>topstories</span></a> <a href="https://schleuss.online/tags/companies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>companies</span></a> <a href="https://schleuss.online/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a> <a href="https://schleuss.online/tags/spotlight" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spotlight</span></a> <a href="https://schleuss.online/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devsecops</span></a> <a href="https://schleuss.online/tags/podcasts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podcasts</span></a> <a href="https://schleuss.online/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>software</span></a> <a href="https://schleuss.online/tags/bounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bounty</span></a></p>
Nick Anderson<p>Day 18/25: The Samba software enables file and printer sharing, and is typically used in mixed <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="tag">#<span>Linux</span></a> and <a href="https://fosstodon.org/tags/Windows" class="mention hashtag" rel="tag">#<span>Windows</span></a> environments. It can provide an attack vector and has been affected by vulnerabilities in the past. If not used, it should be removed:</p><p><a href="https://build.cfengine.com/modules/uninstall-samba/" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">build.cfengine.com/modules/uni</span><span class="invisible">nstall-samba/</span></a></p><p><a href="https://fosstodon.org/tags/Security" class="mention hashtag" rel="tag">#<span>Security</span></a> <a href="https://fosstodon.org/tags/SecDevOps" class="mention hashtag" rel="tag">#<span>SecDevOps</span></a> <a href="https://fosstodon.org/tags/Compliance" class="mention hashtag" rel="tag">#<span>Compliance</span></a> <a href="https://fosstodon.org/tags/CVE" class="mention hashtag" rel="tag">#<span>CVE</span></a> <a href="https://fosstodon.org/tags/DevOps" class="mention hashtag" rel="tag">#<span>DevOps</span></a> <a href="https://fosstodon.org/tags/CFEngine" class="mention hashtag" rel="tag">#<span>CFEngine</span></a></p>
farimani<p>What is SecDevOps vs. DevSecOps?</p><p>"Philosophically, you can think of it as a sort of DevOps for security operations where people who develop the code (in this case, detection logic) are the same people who operate it (in this case, respond to signals and alerts)."</p><p>Brilliant article by <span class="h-card"><a href="https://infosec.exchange/@jaythvv" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jaythvv</span></a></span>. <a href="https://infosec.exchange/tags/decsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decsecops</span></a> <a href="https://infosec.exchange/tags/secdevops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secdevops</span></a></p><p><a href="https://www.linkedin.com/pulse/secdevops-autonomic-security-operations-cloud-jay-thoden-van-velzen/" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">linkedin.com/pulse/secdevops-a</span><span class="invisible">utonomic-security-operations-cloud-jay-thoden-van-velzen/</span></a></p>