AppSec VillageAt AppSec Village, we're proud to have Finite State on board as a Silver Sponsor this year 💀💙
If connected device security is your world — they're worth knowing!
Lenny ZeltserUnnecessary complexity makes products hard to maintain and hard to secure. Modern apps such as Cloudflare's EmDash and Tailscale show that designing for simplicity produces stronger security as a side effect.
Every component a product ships becomes something customers must configure, patch, and defend. WordPress illustrates this, with 90-96% of its security issues originating in plugins because its architecture gives every plugin unrestricted access to the entire system. Self-hosted databases need replication, backups, and version upgrades, while container platforms need network policies, image scanning, and cluster maintenance. Each added component expands both operational load and attack surface.
Modern architectures are changing what products require customers to run:
* Cloudflare's EmDash reimagines WordPress as a serverless CMS with no PHP runtime, no customer-managed database, and sandboxed extensions that must declare specific capabilities such as "read:content."
* WireGuard's implementation fits in roughly 4,000 lines of kernel code, small enough for one person to audit.
* Tailscale builds on WireGuard so devices connect without customers running servers, opening ports, or rotating certificates.
The security improvements came from eliminating components rather than layering new controls on top.
For builders, that shifts the question from "what controls should we add?" to "what can we simplify?" A platform service can replace a customer-managed database, a capability declaration can replace unrestricted plugin access, and a safe default can replace an opt-in checkbox. Each removal shrinks both what customers must maintain and what attackers can target.
For my full article, see:
https://zeltser.com/modern-design-security
🔐 eBook Alert: The Unique Challenges of Securing #ConnectedDevices
Whether you're building smart medical devices, industrial control systems, or next-gen consumer tech, this guide is packed with actionable insights 👉 https://hubs.ly/Q03rhxvJ0
Open Security ConferenceThe year 2025 is slowly coming to an end.
End of years can be joyful and relaxing, exciting and wholesome, full of reflection and gaining energy for the new year. This time can also be lonely and sad, incredibly stressful and terribly difficult to navigate, with folks barely making it through.
Let's be mindful and considerate - and help each other to move the needle. Now and in 2026. 💜
#osco #osco26 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity [lisi]
You're curious how the past editions of #osco turned out? We've got you covered! 🙌🏻
🎉 This was #osco25! Check out our recap: https://2025.opensecurityconference.org/conference/recapitulation/
💜 Gain impressions from all conferences: https://opensecurityconference.org/about/past-conferences/
✅ Save the dates for #osco26 on November 5-8, 2026! 😉
#CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
We love sharing resources that will help our AppSec community!! New eBook Alert: The Unique Challenges of Securing #ConnectedDevices
Whether you're building smart medical devices, industrial control systems, or next-gen consumer tech, this guide from Finite State is packed with actionable insights 👉 https://hubs.ly/Q03rhxvJ0
Yes. Yes, you've seen correctly. There's going to be an Open Security Conference 2026! 😍
🗓 Save the dates: November 5-8, 2026. ✅
https://opensecurityconference.org/
#osco #osco26 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
It's the last day, the last morning of the Open Security Conference 2025. We've learned so much together these days. Now's the time to go deeper into some of those topics, spend the rest of the time for networking, relax and breathe this community spirit.
We're very much looking forward to seeing lots of these folks again in 2026. 😊
https://opensecurityconference.org/
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
That was so fast - the second open space at the Open Security Conference 2025 is already coming to an end. We're all coming together to reflect, think about sessions for the evening and also our last day tomorrow.
Well, it's not over yet! 💜
https://opensecurityconference.org/
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]