💡 On Claroty Nexus, Providence CISO Mike Ratliff writes about his organization’s governance, risk, attack surface management, and compliance (GRAC) model – a rebuild of traditional GRC. #GRAC embraces five areas of improvement, some of which include the quantification and prioritization of risk, and an architecture that supports #SecureByDesign principles. https://nexusconnect.io/articles/rebuilding-legacy-grc-from-the-ground-up
Rebuilding Legacy GRC from the Ground Up

Mike Ratliff, CISO at Providence, one of the country's largest not-for-profit healthcare providers, writes about his organization's attempt to re-think GRC as Governance, Risk, Attack Surface Management, and Compliance (GRAC). Ratliff describes five areas GRAC improves the overall security program, including the quanti...

💡 On Nexus, expert Dan Ricci writes about how current #OT #cybersecurity budgeting approaches reflect a misalignment of prioritizing surface-level defenses over architectural shortcomings. Instead, CISOs should demand vendors deliver products that are #SecureByDesign, and address systemic failures over a reactive approach to the security of cyber-physical systems. https://nexusconnect.io/articles/the-economics-of-ot-cybersecurity-are-we-investing-in-the-wrong-priorities
The Economics of OT Cybersecurity: Are We Investing in the Wrong Priorities?

Current OT cybersecurity budgeting approaches reflect a misalignment of prioritizing surface-level defenses over architectural shortcomings. Instead, CISOs should demand vendors deliver products that are secure by design, and address systemic failures over a reactive approach to the security of cyber-physical systems.

👋 Hey infosec.exchange! We’re the CHERI Alliance — excited to join the community!

🔐 We’re all about CHERI (Capability Hardware Enhanced RISC Instructions) — a powerful hardware-based approach to making memory safety and software security actually enforceable, by design.

💡 CHERI helps stop things like buffer overflows and use-after-free bugs before they cause trouble — with hardware-enforced protections built right into the architecture.

We’re here to:
- Share news about the CHERI community in general
- Talk about what our members are building with CHERI
- Connect with folks who care about deep, meaningful security improvements
Check us out 👉 cherialliance.org

Give us a follow if this sounds like your kind of thing!

#CHERI #MemorySafety #SecureByDesign #InfoSec #CyberSecurity #HardwareSecurity

Another static, unchangeable root password in Cisco gear. In 2025.

https://www.cve.org/cverecord?id=CVE-2025-20309

#SecureByDesign

Today we're switching the bzip2 crate from C to 100% rust!
The bzip2 crate is now memory-safe, faster and easier to cross-compile.

https://trifectatech.org/blog/bzip2-crate-switches-from-c-to-rust/

Thanks to: @alex_crichton, @ros, and @nlnet

This project was funded through the e-Commons Fund, a fund established by NLnet Foundation with financial support from the @minbzk.

#rustlang #rust #securebydesign

bzip2 crate switches from C to 100% rust - Trifecta Tech Foundation

#Asimov himself already showed why hard coded rules are necessary in any autonomous system.

So why don’t we have such safeguards? Answer: #Money, #Greed and unscrupulous #Opportunism

#Microsoft did not ‘fix’ anything. This thing should blow up in their faces. Certainly don’t believe any #SecureByDesign claims

Only use Disconnected + Local models, if you have to use AI at all. Do not use any connected service, especially #AIaaS. You have been warned!

I finally got around to writing a follow-up to my previous blog post that was triggered by Patrick Opet's open letter, regarding the tradeoff organizations make: sacrificing foundational security for business velocity.

In this post, fueled by conversations I had at Identiverse, I explore how we can change that, by trying to answer the real question: Why aren’t we building secure-by-design systems, even when we know how? Spoiler: It's about incentives.

Check it out and let me know your thoughts.

https://blog.talkingidentity.com/2025/06/secure-by-design-has-an-incentive-problem.html

#SecureByDesign #RSAC2025 #CyberSecurity #ZeroTrust #Identiverse2025 #IdentitySecurity #Incentives #SaaS #Compliance #RiskManagement

Secure-by-Design has an Incentive Problem – Talking Identity

UK unveils voluntary Software Security Code of Practice with 14 principles to embed security into development. Aims to make 'secure by design' the norm. #AppSec #SecureByDesign #CyberSecurity #UKTech #DevSecOps #SoftwareSecurity https://www.darkreading.com/application-security/uk-security-guidelines-boost-software-development

Secure by design - Wikipedia

🔐 Get Ready for OWASP Global AppSec USA 2025! 🔐

This event is built for everyone in the CyberSec community. Whether you want to expand your skills or discover new solutions, this is the event for you.

🎟️ Register now: https://owasp.glueup.com/event/131624/register/

#OWASP #AppSecUSA2025 #Cybersecurity #ApplicationSecurity #DevSecOps #InfoSec #Hacking #ThreatModeling #AI #WashingtonDCEvents #SecureByDesign