Links
Spotify Introduces Kitsune Vulnerability Management Platform
https://www.infoq.com/news/2022/11/spotify-kitsune-platform/
Spotify recently introduced its security vulnerability management platform, Kitsune. Right from vulnerability detection to providing insights based on metrics, Kitsune manages the overall security vul
Added 1 month ago
Spotify’s Vulnerability Management Platform - Spotify Engineering : Spotify
https://engineering.atspotify.com/2022/11/spotifys-vulnerability-management-platform/
We started developing our vulnerability management platform (VMP) at Spotify in Q2, 2020, and now that we’ve implemented it and use the system in our day-to-day work, we wanted to take a moment to share our journey to help reduce security risks in an efficient and scalable manner.
Added 1 month ago
https://github.com/ballerine-io/ballerine
Open-source infrastructure and data orchestration platform for risk decisioning - ballerine-io/ballerine
Added 1 month ago
How to mitigate OWASP vulnerabilities while staying in the flow | The GitHu
https://github.blog/2022-11-04-how-to-mitigate-owasp-vulnerabilities-while-staying-in-the-flow/
Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities
Free: Dastardly from Burp Suite | Blog - PortSwigger
https://portswigger.net/blog/free-dastardly-from-burp-suite
Introducing Dastardly - a free, lightweight web application security scanner for your CI/CD pipeline, from the makers of Burp Suite. Secure web development ain't easy Ensuring your code is written sec
Launch HN: Idemeum (YC S21) – Passwordless access to apps and infrastructur
https://news.ycombinator.com/item?id=33346183
Libre Tools from the National Cybersecurity Competence Center of Luxembourg
https://opensource.nc3.lu
Added 1 month ago
Non-Pharmacological ADHD Treatment - Australian ADHD Clinical Practice Guid
https://adhdguideline.aadpa.com.au/non-pharmacological/
There is a need to evaluate the effectiveness of non-pharmacological treatment options to guide Australian clinicians and people with ADHD when choosing appropriate evidence-based intervention options.
Install EKS-D with MicroK8s - General Discussions / microk8s - Discuss Kube
https://discuss.kubernetes.io/t/install-eks-d-with-microk8s/21479
What is EKS-D
Amazon EKS Distro (EKS-D) is a Kubernetes distribution based on and used by Amazon Elastic Kubernetes Service (Amazon EKS). It provides latest upstream updates as well as extended security patching support…
Added 1 month ago
Vulhub: Pre-Built Vulnerable Environments Based on Docker-Compose
https://news.ycombinator.com/item?id=32963636
aurae-runtime/aurae: Distributed systems runtime daemon written in Rust.
https://github.com/aurae-runtime/aurae
Distributed systems runtime daemon written in Rust. - aurae-runtime/aurae
Added 1 month ago
Show HN: Restfox – Open source lightweight alternative to Postman
https://restfox.dev
A REST client for the Web
Added 1 month ago
Nobl9 Shares SLO-as-Code Methodology - DevOps.com
https://devops.com/nobl9-shares-slo-as-code-methodology/
Nobl9 has released an open specification for defining SLOs and, in addition, has defined a repeatable SLO methodology.
Introduction | asdf
https://asdf-vm.com/guide/introduction.html
Manage multiple runtime versions with a single CLI tool
Added 1 month ago
https://github.com/cirruslabs/tart
macOS and Linux VMs on Apple Silicon to use in CI and other automations - cirruslabs/tart
Enable SLO-as-Code with Nobl9 and GitLab | GitLab
https://about.gitlab.com/blog/2022/05/09/enable-slos-as-code/
GitHub Actions Security Best Practices [cheat sheet included]
https://blog.gitguardian.com/github-actions-security-cheat-sheet/
Learn how to secure your GitHub Actions with these best practices! From controlling credentials to using specific action version tags, this cheat sheet will help you protect against supply-chain attacks. Don't let a malicious actor inject code into your repository - read now!
Added 1 month ago
The Big List of Engineering Management Resources – March 2022
https://practicallyleading.dev/the-big-list-of-engineering-management-resources-march-2022
My Inspirations
Now as a Director of Engineering at Docker, I’ve been doing some type of engineering leadership for the last decade.
I have learned from the best over the years, and many resources have shaped who I am and philosophies for how I lead....
Added 1 month ago
RFC 9180: Hybrid Public Key Encryption
https://www.rfc-editor.org/rfc/rfc9180.html
HPKE: Standardizing public-key encryption (finally!)
https://blog.cloudflare.com/hybrid-public-key-encryption
HPKE (RFC 9180) was made to be simple, reusable, and future-proof by building upon knowledge from prior PKE schemes and software implementations. It is already in use in a large assortment of emerging Internet standards and has a large assortment of interoperable implementations. This article provides an overview of this new standard, going back to discuss its motivation, design goals, and development process.
Thread by @bettersafetynet on Thread Reader App – Thread Reader App
https://threadreaderapp.com/thread/1496496087741480960.html
@bettersafetynet: I've had 3 calls so far today (it's not even 10) about defending against Russian cyber ops I'm tired of having the same call... so... here's what I've told everyone. This is the playbook you…
Added 1 month ago