Allan Friedman

868 Followers
372 Following
822 Posts
#SBOM Champion. Full service technocrat. Now at @Cisagov, formerly NTIA. Lapsed{engineer, academic, author}. Personal Account.
Last day of RSAC conference. Once more into the breach [response and recovery AI tooling sales talks]!
Anyone know of research on how people “discover” new open source that they want to use? Does one search GitHub for strings relevant to what they are looking for? See code used in other projects? Are there other registries?
“Shadow AI is like regular AI, but with cooler hair and music.”

@k8em0 blows away @bsidessf by singing a very sarcastic “You’ll Adapt” to the tune of Hamilton’s “You’ll be back.”

Her talk did not shy away from the potential human impact of a massive shift to automation, and the need to think about politics in this context.

Amazing opening keynote at @bsidessf by my old con buddy @bubblewire making the case for *optimism* in a very tumultuous time for the security community.

Why to be optimistic?
1. “The room where it happens.” Security is now increasingly part of strategic institutional decision making. Beyond just tech to real influence. 10 years ago, who wanted hackers in the room?

2. We have learned to design for humans, not against them.

3. Started to focus on what actually moves risk. Real skepticism of rote vendor solutions. Better at calling bullshit and focusing on what solves the real problem.

4. Barriers to entry are lower. Abstractions allow more people to engage in security. Everyone can be a builder. We depend on creativity and experimentation. Security practitioners are becoming builders.

5. Legacy risk might finally be tractable! AI tools can read, understand, and transform legacy code bases. We can imagine burning down technical debt.

6. We can pave things from the start: new providers are thinking about security “with a heightened awareness.” New AI leaders have invested in security. Not a first priority, but maybe second or third, rather than bolt-on.

We have managed massive transitions in the security space before (cloud native!).

She also reminds us that the entire security community is built on just that: community. We share, we build collaboratively, we rely on alliances and nonprofits and standards orgs.

A nice moment in the McRary Institute Cyber Summit. Army Cyber Advisor Brett Pugh acknowledges that CISA and its hardworking expert staff are carrying on with their critical mission without getting paid.

My former teammates are doing damn good work in a very rough time.

It looks like the ⍼ saga has finally ended!

The unicode character '⍼' was a mystery first noticed in 2022: https://ionathan.ch/2022/04/09/angzarr.html. It's in the Unicode standard as a mathematical symbol. But no one could find any examples of it having been used, and no one knew what it represented. It was like the only record of an extinct species, fossilized in the Unicode standard.

But now someone has found the document it originally came from! It represents the angle 'Azimuth', and the symbol probably comes from the path light takes through a sextant. https://ionathan.ch/2026/02/16/angzarr.html

(@johncarlosbaez might appreciate this symbol!)

U+237C ⍼ RIGHT ANGLE WITH DOWNWARDS ZIGZAG ARROW

⟨λ. closure ahead⟩

Tired: the meeting could have been an email.

Wired: This email could have been both written and read by an LLM.

This is an important case study on the "blast radius" of a supply chain risk. Ignoring "is Anthropic bad," think about how unprepared we are to deal with a major supply chain risk. We haven't gotten much better since Kaspersky ban.

You can't defend what you don't know about.

https://19517320.fs1.hubspotusercontent-na1.net/hubfs/19517320/Anthropic%20Supply-Chain%20Risk_%20Software%20Supply%20Chain%20Blast%20Radius.pdf

Some rare good news in cybersecurity. The foundation of the vulnerability management ecosystem is secured, thanks to some great work by our embattled friends at CISA.

Great reporting by @metacurity @msbrumfield

https://www.csoonline.com/article/4142600/cve-program-funding-secured-easing-fears-of-repeat-crisis.html

CVE program funding secured, easing fears of repeat crisis

The funding crisis that nearly shut down the global vulnerability tracking system last year has quietly been resolved, easing fears of another abrupt disruption to a cornerstone of the cybersecurity ecosystem.

CSO Online