Please note: This is being updated in real-time. The intent is to make sense of lots of simultaneous discoveries | boehs.org
The xz attack shell script | research.swtch.com
Message-ID: <20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de> | www.openwall.com
Maker, breaker and fixer of software. Adventures in #appsec and #agile: beny23.github.io he/him | Infosec Exchange
In this post, I am going to look at an increasingly important part of securing applications: your supply chain. This includes every library, tool or service that you are using to build, run and monitor your service. When the log4shell vulnerability hit, it wasn't just a matter of looking at the dependencies that your source code pulls in, but also at the infrastructure you're using and the build pipeline. Have you had a look at the vulnerability reports of your dependencies lately? | beny23.github.io
In this post, I describe my personal experience of being part of a software development team working with Equal Experts and HMRC during Covid-19. Under normal circumstances, we're responsible for tax services such as Self Assessment, PAYE Expenses and Benefits, VAT submissions amongst others. These services run on the Multi-channel Digital Tax Platform (MDTP). This platform is hosted in a hyperscale cloud (the cloud provider has a sideline selling books), run in-house by HMRC teams made up ... | beny23.github.io