2 Posts, 384 Following, 320 Followers · Maker, breaker and fixer of software. Adventures in #appsec and #agile: beny23.github.io he/him| Infosec Exchange
Every developer integrates their work into mainline at least every day.| martinfowler.com
First of all I need the preface this article on how much I abhor the Russian invasion of Ukraine and I wholeheartedly support the sanctions. However, I think the conflict has spilled over into areas of software development that have got some unintended consequences attached. As part of this post, I’m going to look at the decision by MongoDB to cut off services in Russia the destructive change in a node library that deleted files on Russian IPs a change in code/licence in a community terrafo...| beny23.github.io
In this post, I am going to look at an increasingly important part of securing applications: Your supply chain. This includes every library, tool or service that you are using to build, run and monitor your service. When the log4shell vulnerability hit, it wasn’t just a matter of looking at the dependencies that your source code pulls in, but also at the infrastructure you’re using and the build pipeline. Have you had a look at the vulnerability reports of your dependencies lately?| beny23.github.io