One of our founding directors, Mike Eftimakis, sat down with Akshaya Asokan from Information Security Media Group (ISMG) to explore how CHERI is helping tackle one of cybersecurity’s biggest challenges: memory safety.

CHERI (Capability Hardware Enhanced RISC Instructions) is a hardware-based approach to security, designed to prevent around 70% of today’s common vulnerabilities. Backed by industry leaders and the UK government, we're working to ensure global adoption across the electronics supply chain.

Watch the interview to learn more about:

💠 How CHERI addresses memory safety issues
💠 Common hardware supply chain vulnerabilities
💠 Progress on adoption by chipmakers
💠 Scalability challenges associated with CHERI

🎥 Watch the full interview: https://www.bankinfosecurity.com/uks-cheri-alliance-expands-to-global-hardware-supply-chain-a-28942

#CHERI #CyberSecurity #HardwareSecurity #MemorySafety #SecurityByDesign #InfoSec

There's an #OpenPosition for a Secure-by-Design #Internship at #Vodafone in #Dresden. #Students can apply for this #Opening on the platform directly.

https://opportunities.vodafone.com/job-invite/265341/

#SecurityByDesign #sbd

Intern, Secure-by-Design (m/f/d) in Dresden


🔧 Right to repair, but not to fix security?

Framework’s philosophy empowers users to open, upgrade, and repair their devices. But with great openness comes a security catch.

On the Framework 13, pressing the chassis intrusion switch 10 times resets the BIOS, removing passwords, Secure Boot, and more.

We flagged this to Framework. Their response?
"It's a feature..."

That’s risky. This reset might help with recovery, but it also hands an attacker physical access to critical settings.

Kieran explains the issue, what this means for security, and how to protect your device.

📌Read here: https://www.pentestpartners.com/security-blog/framework-13-press-here-to-pwn/

#RightToRepair #HardwareSecurity #FrameworkLaptop #BIOSReset #SecurityByDesign #CyberSecurity

Security Advisory: Airoha-based Bluetooth Headphones and Earbuds

Important note: Some media coverage on this topic falsely or inaccurately depicts the attack conditions. To be clear: Any vulnerable device can be compromised if the attacker is in Bluetooth range. That is the only precondition. During our research on Bluetooth headphones and earbuds, we identified several vulnerabilities in devices that incorporate Airoha Systems on a Chip (SoCs). In t ...

Insinuator.net

Are Web Components & Cybersecurity A Better Combo?

I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.

But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?

Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?

---

Quick context: I've got a #ReactJS #messagingApp (repo here: https://github.com/positive-intentions/chat) and a separate #UIFramework (repo here: https://github.com/positive-intentions/dim) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.

FYI, same question's on Reddit here: https://www.reddit.com/r/ExperiencedDevs/comments/1lmk1rg/are_web_components_better_for_cybersecurity/, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.

GitHub - positive-intentions/chat: Decentralized chat

Decentralized chat. Contribute to positive-intentions/chat development by creating an account on GitHub.

GitHub

Threat modeling helps you spot risks early, before they become a problem. Ask yourself at design time: What can go wrong? Who might attack? That is how you build software that not only works but also protects.

Based on: "Threat Modeling" by Adam Shostack.
#SecurityByDesign #ThreatModeling

ICYMI: “Every TWINSCAN EUV ships with ~45 million lines of code […] Bugfixes and features start out as *word documents* sent to a series of review boards…”
https://alecmuffett.com/article/113264
#SecurityByDesign #SoftwareEngineering #bugs

ICYMI: “Every TWINSCAN EUV ships with ~45 million lines of code […] Bugfixes and features start out as *word documents* sent to a series of review boards…”

Remember, kids: all this security nightmare can be fixed through the simple act of regulators demanding that security be implemented “by design”.

Or not. Because “security by design” doesn’t mean anything.

These are the machines which fabricate all the world’s major CPUs:

https://twitter.com/lauriewired/status/1915162540868596081

#bugs #securityByDesign #softwareEngineering

LaurieWired (@lauriewired) on X

ASML, creator of lithography machines used by 90% of chipmakers, has a messy software stack. Every TWINSCAN EUV ships with ~45 million lines of code (similar size to Win10!) Bugfixes and features start out as *word documents* sent to a series of review boards.

X (formerly Twitter)

*Last Call*

I have a #PhD position for UK students, available with myself and @bentnib

This project will be looking at developing new methods for asserting the resilience of existing communicating systems by developing new static analysis methods derived from advanced programming language research.

*Hard Deadline*: Wednesday 16th April 2025

You will belong to @StrathCyber and @mspstrath, as well as gaining access to @spli

https://www.strath.ac.uk/studywithus/postgraduateresearchphdopportunities/science/computerinformationsciences/towardstype-drivenassuranceofcommunicatingsystems/

(Ignore the deadline on the advert)

Please spread the word.

#dependentTypes #formalMethods #idris #programmingLanguageTheory #typeTheory #idris2 #computerSecurity #cybersecurity #securityByDesign #secureByDesign

Towards Type-Driven Assurance of Communicating Systems | University of Strathclyde

I have a funded #PhD position for UK students, available with myself and @bentnib

This project will be looking at developing new methods for asserting the resilience of existing communicating systems by developing new static analysis methods derived from advanced programming language research.

Deadline: Thursday 20th March 2025

You will belong to @StrathCyber and @mspstrath, as well as gaining access to @spli

For now, more details about the project are on my personal website.

https://tyde.systems/page/position/2025-jarss/

Please spread the word.

#dependentTypes #formalMethods #idris #programmingLanguageTheory #typeTheory #idris2 #computerSecurity #cybersecurity #securityByDesign #secureByDesign

Towards Type-Driven Assurance of Communicating Systems

Deadline: Thursday 20 March 2025
Duration: 36 Months
Start Date: October 2025
Funding: Home fee, Stipend
Supervisors: Jan de Muijnck-Hughes, Bob Atkey
Groups: StrathCyber, MSP

This JARSS PhD studentship will develop new methods for asserting the resilience of existing communicating systems by developing new static analysis methods derived from advanced programming language research as pioneered by the supervising team, and the wider MSP and StrathCyber research groups.

Contact: Informal enquiries about the studentship are to be directed to Jan de Muijnck-Hughes (Jan.

Jan de Muijnck-Hughes