Jean-Baptiste Maillet

@[email protected]
26 Followers
49 Following
315 Posts
Hardcore embedded C/C++ caveman.
Supply chain cybersecurity, SBOM , vulnerability management.
#embedded #linux #oss #psirt
he/him
embedded
linux
oss
psirt
Jean-Baptiste Maillet2h ago
Jens Ohlig21h ago

„By Wednesday morning, Anthropic representatives had used a copyright takedown request to force the removal of more than 8,000 copies and adaptations of the raw Claude Code instructions—known as source code—that developers had shared on programming platform GitHub.“

Because if there’s one thing GenAI companies absolutely don’t take lightly, it’s copyright.

https://www.wsj.com/tech/ai/anthropic-races-to-contain-leak-of-code-behind-claude-ai-agent-4bc5acc7

Jean-Baptiste Maillet1d ago
nixCraft 🐧1d ago

Claude Code's source code has been leaked via a map file in their NPM registry https://xcancel.com/Fried_rice/status/2038894956459290963 😂

Guess what? Most of code is either slop or even old good regex like for detecting negative sentiment in users prompt which is then logged

https://github.com/chatgptprojects/claude-code/blob/642c7f944bbe5f7e57c05d756ab7fa7c9c5035cc/src/utils/userPromptKeywords.ts#L8

These tools are going to replace 80% of all dev jobs and their plugin is gonna maintain all security and banking code? 🤡

Chaofan Shou (@Fried_rice)

Claude code source code has been leaked via a map file in their npm registry! Code: https://pub-aea8527898604c1bbb12468b1581d95e.r2.dev/src.zip

Nitter
Jean-Baptiste Maillet1d ago
LWN.net1d ago

Vulnerability Research Is Cooked (sockpuppet.org)

https://lwn.net/Articles/1065586/ #LWN #Linux #security

Vulnerability Research Is Cooked (sockpuppet.org)

There is a blog post on sockpuppet.org arguing that we are not prepared for the upcoming flood [...]

LWN.net
Jean-Baptiste Maillet2d ago
Alexandre Dulaunoy2d ago

If someone comes to me today preaching about “post-quantum” security issues, I’ll remind them of the current state of security: the npm ecosystem gets abused daily, CI pipelines run left and right with full access to cloud services, so-called security devices like F5 and Ivanti are exposed (and compromised) to the internet, mailboxes get compromised just to change an IBAN in a PDF, and a simple phone call is still enough to get someone to hand over an MFA code.

But yes, by all means, let’s focus on post-quantum threats while handing AI tools SSH access like it’s a feature, not a confession.

#cybersecurity #stateoftheworld

Jean-Baptiste Maillet3d ago
Show threadAgnès H.3d ago
Cet article "pourquoi se syndiquer dans l'informatique" m'avait beaucoup fait réfléchir à l'époque où il était paru. En 2026 la résistance à l'IA est un sujet syndical dans tous les syndicats de travailleuses que côtoie.
https://www.24joursdeweb.fr/2023/pourquoi-se-syndiquer-dans-linformatique
(Nb. À l'époque où l'article est paru j'y connaissais strictement rien en syndicalisme, c'est vraiment une merveille de pédagogie)
Pourquoi se syndiquer dans l’informatique ? - 24 jours de web

Quand on parle de syndicalisme, on a souvent l’image de « Jojo-le-syndiqué-de-la-cégété », qui brûle des pneus devant l’usine en mangeant des merguez en manif. Ou encore de la mafia qui ne travaille …

24 jours de web
Jean-Baptiste Maillet6d ago
daniel:// stenberg://Mar 26

Don’t trust, verify

https://daniel.haxx.se/blog/2026/03/26/dont-trust-verify/

#curl

Don’t trust, verify

Software and digital security should rely on verification, rather than trust. I want to strongly encourage more users and consumers of software to verify curl. And ideally require that you could do at least this level of verification of other software components in your dependency chains. Attacks are omnipresent With every source code commit and … Continue reading Don’t trust, verify →

daniel.haxx.se
Jean-Baptiste MailletMar 26
Eris2catsMar 23
"We use debian, that should be age verification enough"
Jean-Baptiste MailletMar 25
Show threadCedricMar 25

@adulau @jbm

new feature from Codex for the CPE guessing. Works like a charm!

Jean-Baptiste MailletMar 25
Alexandre DulaunoyMar 25

VulnMCP is an MCP server built with FastMCP that provides AI clients, chat agents, and other automated systems with tools for vulnerability management. It offers modular "skills" that can be easily extended or integrated, enabling intelligent analysis and automated insights on software vulnerabilities.

A new component in the galaxy of tooling of vulnerability-lookup.

Thanks to @cedric who is becoming an orchestrator for many AI tools nowadays.

#cve #gcve #vulnerability #vulnerabilitymanagement #opensource #ai #mcp #vulnerabilitylookup

🔗 https://github.com/vulnerability-lookup/VulnMCP

GitHub - vulnerability-lookup/VulnMCP: A modular MCP providing AI-driven vulnerability management skills, including severity classification and automated insights.

A modular MCP providing AI-driven vulnerability management skills, including severity classification and automated insights. - vulnerability-lookup/VulnMCP

GitHub
Jean-Baptiste MailletMar 25
CVE ProgramMar 24
New on the CVE Blog:
“Supplier ADP Pilot” — CVE Program to Explore Benefits of Supporting VEX-like, Product Status Information in Upstream CVE Records

https://medium.com/@cve_program/supplier-adp-pilot-cve-program-to-explore-benefits-of-supporting-vex-like-product-status-852587bc9546

#cve #vulnerability #vulnerabilitymanagement #infosec #cybersecurity