Jean-Baptiste Maillet

26 Followers
49 Following
325 Posts
Hardcore embedded C/C++ caveman.
Supply chain cybersecurity, SBOM , vulnerability management.
#embedded #linux #oss #psirt
he/him
🚗 We traced a car’s life from China to Poland.
By analyzing a BYD Telematic Control Unit, Romain Marchand reconstructed its journey and identified a real-world event from GPS logs alone.
Embedded forensics + OSINT = real stories hidden in data.
👉 https://blog.quarkslab.com/tearing-down-a-car-telematic-unit-and-finding-an-accident-on-facebook.html

Once again, an important standard is behind a paywall: prEN 4709-02 from CENELEC. It matters for both security and safety, and could benefit everyone, yet access remains restricted.

@EUCommission do you plan to force CENELEC to publish and release publicly the standards?

#cenelec #paywall #drone #standard #openstandard

I'll be at VulnCon next week (remotely, that is, from Paris).
Maybe we'll meet in the chats?
https://www.first.org/conference/vulncon26/
#vulncon26
CVE Program & FIRST VulnCon 2026

Save the Date: CVE/FIRST VulnCon 2026 & Annual CNA Summit - Scottsdale (US), April 13–16, 2026

FIRST — Forum of Incident Response and Security Teams

If your Open Source project sees a steep increase in the number of high-quality security reports (mostly done with AI) right now (#curl, Linux kernel, glibc confirmed), please tell me the name of this project.

(I'd like to make a little list for my coming talk on this.)

For hackathon.lu, I was initially unsure what my main project would be, but I ultimately decided to focus on implementing the future GCVE BCP-10.

GCVE-BCP-10: Improved Common Platform Enumeration for GCVE

The idea is to combine it with the cpe-guesser and have a registry to facilitate interaction with the CPE values that handle vendor and product references.

#gcve #cve #cpe #opensource #cybersecurity

🔗 Draft https://discourse.ossbase.org/t/gcve-bcp-10-improved-common-platform-enumeration-for-gcve/1042

🔗 Hackathon https://hackathon.lu/

🔗 https://github.com/vulnerability-lookup/cpe-guesser

GCVE-BCP-10: Improved Common Platform Enumeration for GCVE

GCVE-BCP-10: Improved Common Platform Enumeration for GCVE
Document ID: GCVE-BCP-10
Title: Improved Common Platform Enumeration for GCVE
Status: Draft
Category: Best Current Practice
Updates: CPE-compatible naming and match semantics
Author: GCVE.eu
Intended use: Platform and product identification, applicability matching, vendor management, and synonym handling in the GCVE ecosystem
Abstract: This document specifies an improved platform enumeration format for GCVE. The format is intentionally ...

ossbase.org
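The BCP-10 draft builds on CPE-compatible naming and match semantics. As an added example (not code from GCVE-BCP-10 or from cpe-guesser), the block below parses CPE 2.3 formatted strings as defined in NIST IR 7695, honouring the backslash escapes that let a colon or dot appear inside a vendor or product component, and performs a deliberately simplified applicability check: only the ANY (`*`), NA (`-`) and exact-string relations are implemented, not the full wildcard relation set of NIST IR 7696. The sample CPE strings are constructed for the demo.

```python
"""Parse CPE 2.3 formatted strings and run a simplified applicability match.

Added example; not part of GCVE-BCP-10 or cpe-guesser.  The match logic covers
only ANY / NA / exact equality, not the complete NIST IR 7696 relation set.
"""
from typing import Dict, List

PREFIX = ("cpe", "2.3")
# The eleven components that follow the "cpe:2.3" prefix, in order.
COMPONENTS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")
ANY, NA = "*", "-"


def split_components(fs: str) -> List[str]:
    """Split on colons that are not escaped by a backslash (escape pairs are kept)."""
    parts, buf, i = [], [], 0
    while i < len(fs):
        ch = fs[i]
        if ch == "\\" and i + 1 < len(fs):
            buf.append(fs[i:i + 2])      # keep "\x" together so the colon test skips it
            i += 2
            continue
        if ch == ":":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def unescape(value: str) -> str:
    """Drop the backslash in front of escaped punctuation, e.g. 'acme\\:corp' -> 'acme:corp'."""
    if value in (ANY, NA):
        return value
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def parse_cpe23(fs: str) -> Dict[str, str]:
    """Return a component -> value dict, or raise ValueError for malformed input."""
    parts = split_components(fs)
    if len(parts) != 13 or tuple(parts[:2]) != PREFIX:
        raise ValueError(f"not a CPE 2.3 formatted string: {fs!r}")
    if parts[2] not in ("a", "o", "h", ANY, NA):
        raise ValueError(f"invalid part component: {parts[2]!r}")
    return dict(zip(COMPONENTS, (unescape(p) for p in parts[2:])))


def component_matches(target: str, known: str) -> bool:
    """ANY matches anything; NA matches only NA; otherwise case-insensitive equality."""
    if ANY in (target, known):
        return True
    if NA in (target, known):
        return target == known
    return target.lower() == known.lower()


def applies(target_fs: str, known_fs: str) -> bool:
    """True when every component of the target matches the known (inventory) CPE."""
    t, k = parse_cpe23(target_fs), parse_cpe23(known_fs)
    return all(component_matches(t[c], k[c]) for c in COMPONENTS)


if __name__ == "__main__":
    # Constructed sample: an advisory-style CPE with ANY version against an inventory entry.
    advisory = "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*"
    inventory = "cpe:2.3:a:openbsd:openssh:9.6:*:*:*:*:*:*:*"
    print(parse_cpe23(inventory))
    print("applies:", applies(advisory, inventory))
```

The escape handling is the part a registry of vendor and product synonyms gets wrong most often: splitting naively on `:` turns an escaped colon inside a vendor name into a spurious fourteenth component and the string is rejected or misattributed.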

„By Wednesday morning, Anthropic representatives had used a copyright takedown request to force the removal of more than 8,000 copies and adaptations of the raw Claude Code instructions—known as source code—that developers had shared on programming platform GitHub.“

Because if there’s one thing GenAI companies absolutely don’t take lightly, it’s copyright.

https://www.wsj.com/tech/ai/anthropic-races-to-contain-leak-of-code-behind-claude-ai-agent-4bc5acc7

Claude Code's source code has been leaked via a map file in their NPM registry https://xcancel.com/Fried_rice/status/2038894956459290963 😂

Guess what? Most of the code is either slop or even a good old regex, like for detecting negative sentiment in users' prompts, which is then logged

https://github.com/chatgptprojects/claude-code/blob/642c7f944bbe5f7e57c05d756ab7fa7c9c5035cc/src/utils/userPromptKeywords.ts#L8

These tools are going to replace 80% of all dev jobs and their plugin is gonna maintain all security and banking code? 🤡

Chaofan Shou (@Fried_rice)

Claude Code source code has been leaked via a map file in their npm registry! Code: https://pub-aea8527898604c1bbb12468b1581d95e.r2.dev/src.zip

Nitter
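A source map only leaks the original code when it carries a `sourcesContent` array; a map with just `sources` and `mappings` reveals file names, not file bodies. As an added example (not tooling from the post above, from npm or from Anthropic), the block below opens an npm tarball such as the one `npm pack` produces, walks every `*.map` member and reports which original files each map embeds. The tarball it scans is constructed in memory for the demo, with one leaky map and one clean one.

```python
"""Report source maps inside an npm tarball that embed original sources via sourcesContent.

Added example, not code from the original post, npm or any vendor.  The tarball
scanned in the demo is constructed here; point scan_npm_tarball() at the bytes of
a real `npm pack` output to check your own package before publishing.
"""
import io
import json
import tarfile
from typing import Dict, List, Tuple


def embedded_sources(map_bytes: bytes) -> List[Tuple[str, int]]:
    """Return (source path, size in chars) for every original file embedded in the map."""
    data = json.loads(map_bytes)
    sources = data.get("sources") or []
    contents = data.get("sourcesContent") or []   # absent or null means nothing is embedded
    return [(src, len(body)) for src, body in zip(sources, contents) if body]


def scan_npm_tarball(tarball: bytes) -> Dict[str, List[Tuple[str, int]]]:
    """Map each *.map member that embeds sources to the list of files it leaks."""
    findings: Dict[str, List[Tuple[str, int]]] = {}
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile() or not member.name.endswith(".map"):
                continue
            raw = tar.extractfile(member).read()
            try:
                hits = embedded_sources(raw)
            except (ValueError, TypeError, AttributeError):  # not JSON or not a source map
                continue
            if hits:
                findings[member.name] = hits
    return findings


def build_sample_tarball() -> bytes:
    """Constructed npm-style tarball: one map with sourcesContent, one without."""
    leaky_map = {
        "version": 3,
        "file": "cli.js",
        "sources": ["../src/cli.ts", "../src/secrets.ts"],
        "sourcesContent": ["export const main = () => 42;\n",
                           "export const FLAG = 'constructed sample';\n"],
        "mappings": "AAAA",
    }
    clean_map = {"version": 3, "file": "util.js",
                 "sources": ["../src/util.ts"], "mappings": "AAAA"}
    files = {
        "package/package.json": json.dumps({"name": "demo", "version": "1.0.0"}),
        "package/dist/cli.js": "console.log(42);\n",
        "package/dist/cli.js.map": json.dumps(leaky_map),
        "package/dist/util.js.map": json.dumps(clean_map),
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            payload = body.encode()
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    report = scan_npm_tarball(build_sample_tarball())
    for map_name, hits in report.items():
        print(map_name)
        for src, size in hits:
            print(f"  embeds {src} ({size} chars)")
```

Run it against the real artifact rather than the working tree: `npm pack` applies the `files` field and `.npmignore`, so a map that is excluded on disk may still ship, or one you expected to ship may not, and only the tarball tells you which.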

Vulnerability Research Is Cooked (sockpuppet.org)

https://lwn.net/Articles/1065586/ #LWN #Linux #security

Vulnerability Research Is Cooked (sockpuppet.org)

There is a blog post on sockpuppet.org arguing that we are not prepared for the upcoming flood [...]

LWN.net

If someone comes to me today preaching about “post-quantum” security issues, I’ll remind them of the current state of security: the npm ecosystem gets abused daily, CI pipelines run left and right with full access to cloud services, so-called security devices like F5 and Ivanti are exposed (and compromised) to the internet, mailboxes get compromised just to change an IBAN in a PDF, and a simple phone call is still enough to get someone to hand over an MFA code.

But yes, by all means, let’s focus on post-quantum threats while handing AI tools SSH access like it’s a feature, not a confession.

#cybersecurity #stateoftheworld

This article, "Pourquoi se syndiquer dans l'informatique" (Why unionize in IT), made me think a lot back when it was published. In 2026, resistance to AI is a union topic in every workers' union I'm in contact with.
https://www.24joursdeweb.fr/2023/pourquoi-se-syndiquer-dans-linformatique
(NB: when the article came out I knew strictly nothing about unionism; it really is a marvel of pedagogy.)
Pourquoi se syndiquer dans l'informatique ? (Why unionize in IT?) - 24 jours de web

When we talk about unionism, we often picture "Jojo-the-CGT-union-member", burning tyres in front of the factory while eating merguez at a demo. Or the mafia that doesn't work


24 jours de web