Allan Friedman

@allanfriedman@infosec.exchange
808 Followers
367 Following
755 Posts
#SBOM Champion. Full service technocrat. Now at @Cisagov, formerly NTIA. Lapsed{engineer, academic, author}. Personal Account.
Sunday brunch: tacos with the last of the brisket burnt ends and a strawberry-mozzarella-basil salad.
New summer coffee habit: double shot from the bialetti moka over ice, with homemade lemon rind syrup.
Brisket trimmings = beef cracklin = some pretty damn amazing gravy for Sunday morning biscuits.

New blog: Free Threat Modeling Training for Displaced Federal Workers

US Government employees (and former employees) are going through a lot of chaos. Many of our colleagues, collaborators, and friends are out of work — suddenly and unexpectedly.

At Shostack + Associates, we can’t fix that. But we can offer something concrete.

In times of uncertainty, we focus on what we know, and what we know is threat modeling and how to teach it. It’s what we do best, and it’s how we can help.

(1/4) full post, links: https://is.gd/nYz3y2

My #PyConUS session is later today, let's find out together if your requirements.txt is haunted? 👻

Join the haunt in Ballroom BC at 1:45PM, don't be scared!

https://us.pycon.org/2025/schedule/presentation/14/

#PyConUS #PyCon #PyConUS2025 #Python #Security

Phantom Dependencies: is your requirements.txt haunted?

Did you know there’s more than Python code included in Python packages? This might be a surprise, especially if you’ve … Presented by: Seth Michael Larson

PyCon US 2025

Apple Weather: expect thunderstorms soon.
Also Apple Weather: hey, I betcha need a wind map now, right?

How are these things still so bad.

UK spies see ‘direct connection’ between Russian cyberattacks and sabotage plots https://therecord.media/uk-spies-see-connection-russia

Cyber chief Richard Horne said intelligence agencies were seeing the hacking threat from Russia manifesting “on the streets of the UK."

Allan’s corollary to Clarke’s 3rd law:

Debugging any sufficiently advanced technology involves magic.

I published a new small project called "whichprovides" that's an abstraction over many package manager ecosystems, mostly for generating Package URLs to include in SBOMs:

#python #opensource #oss #sbom

https://sethmlarson.dev/new-project-whichprovides

whichprovides: an abstraction of "yum provides"

This critical role would not be possible without funding from the Alpha-Omega project. I'm announcing a new small project I've created as a part of my work on Software Bill-of-Material...

sethmlarson.dev
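An added illustration of the two ideas in the boosted posts above (phantom dependencies hiding inside Python packages, and Package URLs for SBOM entries). This is my own example code, not the whichprovides project's API nor the PyCon talk's material; the wheel it inspects is constructed in memory, and the list of "non-Python" file suffixes is my assumption.

```python
import io
import re
import zipfile
from email import message_from_string
from urllib.parse import quote

# Suffixes I treat as non-Python payloads (assumption, not an official list),
# including versioned shared objects such as libssl.so.3.
NON_PYTHON_RE = re.compile(r"\.(so|dylib|dll|pyd|a|wasm)(\.\d+)*$")


def pypi_purl(name: str, version: str) -> str:
    """Build a pkg:pypi Package URL.

    The purl spec wants pypi names lowercased with '_' turned into '-';
    collapsing runs of [-_.] to '-' is the PEP 503 normalization and
    covers that case.
    """
    normalized = re.sub(r"[-_.]+", "-", name).lower()
    return f"pkg:pypi/{normalized}@{quote(version, safe='')}"


def phantom_files(wheel_bytes: bytes) -> list[str]:
    """Archive members carrying compiled or vendored code that no
    requirements.txt line will ever mention."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        return [
            info.filename
            for info in zf.infolist()
            if not info.is_dir() and NON_PYTHON_RE.search(info.filename)
        ]


def wheel_metadata(wheel_bytes: bytes) -> tuple[str, str]:
    """Read Name and Version from the wheel's *.dist-info/METADATA
    (RFC 822 style headers, so the email parser handles it)."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        meta_name = next(
            n for n in zf.namelist() if n.endswith(".dist-info/METADATA")
        )
        msg = message_from_string(zf.read(meta_name).decode("utf-8"))
    return msg["Name"], msg["Version"]


def sbom_entry(wheel_bytes: bytes) -> dict:
    """The purl for the package plus the bundled artifacts an SBOM built
    only from declared dependencies would miss."""
    name, version = wheel_metadata(wheel_bytes)
    return {
        "purl": pypi_purl(name, version),
        "bundled": phantom_files(wheel_bytes),
    }


def build_sample_wheel() -> bytes:
    """Constructed sample wheel (not a real upload): one pure-Python module,
    a compiled extension, and a vendored OpenSSL shared object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo_pkg/__init__.py", "VERSION = '1.0.0'\n")
        zf.writestr(
            "demo_pkg/_speedups.cpython-312-x86_64-linux-gnu.so", b"\x7fELF"
        )
        zf.writestr("demo_pkg.libs/libssl-1a2b3c4d.so.3", b"\x7fELF")
        zf.writestr(
            "demo_pkg-1.0.0.dist-info/METADATA",
            "Metadata-Version: 2.1\nName: Demo_Pkg\nVersion: 1.0.0\n",
        )
    return buf.getvalue()


if __name__ == "__main__":
    entry = sbom_entry(build_sample_wheel())
    print(entry["purl"])
    for path in entry["bundled"]:
        print("bundled, not in requirements.txt:", path)
```

The vendored libssl is the point: a dependency scanner that only reads requirements.txt reports nothing, while a CVE against that OpenSSL version still applies to the running process. Pointing the same check at a real wheel is a matter of replacing build_sample_wheel() with the file's bytes.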
New summer coffee habit: double shot from the bialetti moka over ice, with homemade lemon rind syrup.
@allanfriedman Have you had a chronic tonic like Vigilante does (perhaps among others)? Muddle an orange slice, add ice, add espresso, top with tonic, garnish with a fresh orange slice. Probably a similar profile in the end, but convenient if you don’t have lemon rind syrup on hand.
@fedward I love an espresso tonic! I just am more likely to have syrups than I am decent tonic. Do you have a tonic syrup you like?
@allanfriedman we just get the little Fever Tree cans when they go on sale. I looked into making our own back when that was a thing (when Adam Bernbach was at Estadio, in other words) and stopped when I got to the bit about how too much quinine is actually toxic. I felt more comfortable just buying it.