home.social

#productsecurity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #productsecurity, aggregated by home.social.

  1. At AppSec Village, we're proud to have Finite State on board as a Silver Sponsor this year 💀💙

    If connected device security is your world — they're worth knowing!

    ⬇️
    buff.ly/I99VSjM

    #AppSec #IoT #ProductSecurity

  2. Unnecessary complexity makes products hard to maintain and hard to secure. Modern apps such as Cloudflare's EmDash and Tailscale show that designing for simplicity produces stronger security as a side effect.

    zeltser.com/modern-design-secu

    #infosec #cybersecurity #securebydesign #productsecurity

  3. Every component a product ships becomes something customers must configure, patch, and defend. WordPress illustrates this, with 90-96% of its security issues originating in plugins because its architecture gives every plugin unrestricted access to the entire system. Self-hosted databases need replication, backups, and version upgrades, while container platforms need network policies, image scanning, and cluster maintenance. Each added component expands both operational load and attack surface.

    Modern architectures are changing what products require customers to run:

    * Cloudflare's EmDash reimagines WordPress as a serverless CMS with no PHP runtime, no customer-managed database, and sandboxed extensions that must declare specific capabilities such as "read:content."
    * WireGuard's implementation fits in roughly 4,000 lines of kernel code, small enough for one person to audit.
    * Tailscale builds on WireGuard so devices connect without customers running servers, opening ports, or rotating certificates.

    The security improvements came from eliminating components rather than layering new controls on top.

    For builders, that shifts the question from "what controls should we add?" to "what can we simplify?" A platform service can replace a customer-managed database, a capability declaration can replace unrestricted plugin access, and a safe default can replace an opt-in checkbox. Each removal shrinks both what customers must maintain and what attackers can target.

    For my full article, see:
    zeltser.com/modern-design-secu

    #infosec #cybersecurity #securebydesign #productsecurity

  4. eBook Alert: The Unique Challenges of Securing #ConnectedDevices

    Whether you're building smart medical devices, industrial control systems, or next-gen consumer tech, this guide is packed with actionable insights 👉 hubs.ly/Q03rhxvJ0

    #IoTSecurity #ProductSecurity

  5. The year 2025 is slowly coming to an end.

    End of years can be joyful and relaxing, exciting and wholesome, full of reflection and gaining energy for the new year. This time can also be lonely and sad, incredibly stressful and terribly difficult to navigate, with folks barely making it through.

    Let's be mindful and considerate - and help each other to move the needle. Now and in 2026. 💜

    #osco #osco26 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity [lisi]

  6. You're curious how the past editions of #osco turned out? We've got you covered! 🙌🏻

    🎉 This was #osco25! Check out our recap: 2025.opensecurityconference.or
    💜 Gain impressions from all conferences: opensecurityconference.org/abo
    ✅ Save the dates for #osco26 on November 5-8, 2026! 😉

    #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

  11. We love sharing resources that will help our AppSec community!! New eBook Alert: The Unique Challenges of Securing #ConnectedDevices

    Whether you're building smart medical devices, industrial control systems, or next-gen consumer tech, this guide from Finite State is packed with actionable insights 👉 hubs.ly/Q03rhxvJ0

    #IoTSecurity #ProductSecurity

  12. Yes. Yes, you've seen correctly. There's going to be an Open Security Conference 2026! 😍

    🗓 Save the dates: November 5-8, 2026. ✅

    opensecurityconference.org/

    #osco #osco26 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

  13. It's the last day, the last morning of the Open Security Conference 2025. We've learned so much together these days. Now's the time to go deeper into some of those topics, spend the rest of the time for networking, relax and breathe this community spirit.

    We're very much looking forward to seeing lots of these folks again in 2026. 😊

    opensecurityconference.org/

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

  14. That was so fast - the second open space at the Open Security Conference 2025 is already coming to an end. We're all coming together to reflect, think about sessions for the evening and also our last day tomorrow.

    Well, it's not over yet! 💜

    opensecurityconference.org/

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

  15. Aaaaand it's another full day of open space at the Open Security Conference 2025! Participants just started to present their session ideas for today. Oh the tension, we're super curious what we'll all learn today! 😁 Yet one thing is for sure - whatever it is, it'll be in the common interest for folks. One of the beauties of an open space. 🌻

    opensecurityconference.org/

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

  16. What a day. Already learned so much from this crowd - "be ready to be surprised" really holds true every time at #OpenSpace conferences like ours! 🌟

    Off for dinner, afterwards the evening fun will start. 😁

    opensecurityconference.org/

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

  17. Our second keynote is about to start! So happy that @bkastl made it to the Open Security Conference 2025. We can't wait to learn from her analysis on "History repeating itself". 📜

    opensecurityconference.org/con

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

  18. Good morning everyone to the first #OpenSpace day of the Open Space Conference 2025! We literally can't wait to see what program we'll co-create together today. We're all set up for good things to happen! ✨

    opensecurityconference.org/

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity [lisi]

  19. What an awesome crowd! The first evening at the Open Space Conference 2025 was a blast. ☺️

    While the official program ended, it's the perfect time now to hang out and get to know a few folks before the first open space day starts tomorrow. Or just relax and rest. Or take a night walk. Or whatever is right for you right now 😉

    opensecurityconference.org/

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

  20. Give visibility to champions and encourage volunteers. Bring security closer to teams and foster a culture of shared knowledge.
    ———
    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  21. Clear expectations and structured onboarding for security champions really helped, including sharing security baseline knowledge.
    ———
    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  22. Security champions know the context of their team, invaluable. Monthly meetings, 1 to 1 sessions, security seminars. Share knowledge and build relationships.
    ———
    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  23. Lots of questions for Mireia! People are curious to hear more & share their experiences as well - especially on security champions & how to have them succeed.
    ———
    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  24. Do you know this situation where you feel like every tool has improved besides the one that you chose?

    ———
    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  25. Security champions embedded in each domain to bridge gaps. This transformation didn't happen overnight, and it's a never-ending journey.
    ———
    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  26. Security is no longer enforced through gates, teams own their security. Metrics and dashboards enable teams to track progress towards their goals.
    ———
    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  27. Built our own security champions framework. Defined goals, had structured engagement. Onboarding was smooth. Cultural expansion. We made security look cool!

    ———
    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  28. Clear goals are essential. Volunteers over assigned champions. Engagement is key. We failed at all of these.

    ———
    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  29. Security champions for the win! Previous programs failed, so we did our research. Identified key learnings!

    ———
    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  30. Centralized information from all tools into one. Gained visibility on company posture. But still no idea what's happening in teams.
    ———

    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  31. Yay, metrics work! Yet needed to become strategic and intentional. Let's define our goals, ask questions how to achieve these goals, find metrics to support.
    ———

    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  32. This kept happening, had to switch the approach. How about security metrics? Pivot from enforcers to enablers! Put the power into the hands of teams.
    ———

    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  33. Let's introduce security gates to the pipelines! Yay, done for team A. Hm, team B has different ones. Okay, can work with that. Oh incident, bypassed gates.
    ———

    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]

  34. What is application security at all? Do you have that perfect image in mind of what your application security program should look like?

    ———
    Building an AppSec Program from Scratch - Mireia Cano (@m1r314)

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity [lisi]

  35. Thank you REWE digital for being a silver sponsor for the Open Security Conference 2025 - we are truly grateful for your continued support!

    You really make this event more accessible for folks interested in cybersecurity. 😊🙏🏻

    Discover #REWEdigital: rewe-digital.com/en

    Learn more about all our sponsors: opensecurityconference.org/sup

    #HomeOfIT #IT #Retail #osco #osco25 #CyberSecurity #Security #ITSecurity #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

  36. 🚨 One week until #AutoISAC kicks off in Washington, DC!

    With the #ConnectedVehicleRule on the horizon, automakers face growing demands for transparency, SBOM management, & secure-by-design practices. The Finite State team is heading to the summit to help you stay ahead. Book time with us now 👉 info.finitestate.io/auto-isac-

    #AutomotiveSecurity #SBOMManagement #ProductSecurity

  37. Heading to #AutoISAC USA next week?

    The #ConnectedVehicleRule is already rewriting the rules for automotive cybersecurity. Don’t miss our expert-led webinar on what OEMs & suppliers must do to stay compliant.

    ▢️ Watch on demand: info.finitestate.io/connected-

    #AutomotiveCybersecurity #SupplyChainSecurity #ProductSecurity

  38. On #WomenInCyber Day, we spotlight Naomi Buckwalter, Sr. Director of Product Security, Contrast Security.
    She shares insights on:
    ⭐ Invisible security programs that don’t slow devs
    ⭐ Bootcamps, scholarships & what real impact looks like
    ⭐ Bias-free hiring practices
    ⭐ Practical leadership growth for women in cyber
    👉 Read here: technadu.com/women-driving-the

    💬 Boost this post & follow @technadu for more voices shaping cybersecurity.

    #CyberSecurity #LeadHERinSecurity #ProductSecurity #WomenInTech #TechNadu

  40. Today is Women's Equality Day, a day celebrated in the US and a day important everywhere. Or shall we say it's a reminder of the inequality and inequity that's still prevalent across the world for folks who are not white cis men? Yes, we shall. We all need to do better. Today we learn again.

    When white women were granted the right to vote in the US: en.m.wikipedia.org/wiki/Women%

    When white women were granted the right to vote in various countries: en.m.wikipedia.org/wiki/Timeli

    When nearly everyone was granted the right to vote across the world: en.m.wikipedia.org/wiki/Univer

    Let's continue leveling the playing-field, for everyone.

    #WomensEqualityDay #GenderEquality #VotingRights #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

  41. We want to thank REWE digital for their continued sponsorship of the Open Security Conference - you're awesome!

    You helped us make #osco24 more affordable for folks interested in cybersecurity, and the same applies for #osco25. Your support gets us a big step closer and we're grateful. 😊🙏🏻

    Discover #REWEdigital: rewe-digital.com/en

    Learn more about all our sponsors: opensecurityconference.org/sup

    #HomeOfIT #IT #Retail #osco #osco25 #CyberSecurity #Security #ITSecurity #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

  42. Huge shout-out to itRISKman and @jenshoffmann for your continued sponsorship of the Open Security Conference!

    Your support already made #osco24 more affordable for folks interested in cybersecurity - and it does so as well for #osco25! Big thanks to you. 😊🙏🏻

    Discover itRISKman: itriskman.de/

    Learn more about all our sponsors: opensecurityconference.org/sup

    #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

  43. Did you spot the bug in this post? 😅 Well, you could say that information was leaked prematurely. Or: we were simply so eager to post about this that we ended up a week too early. 🙈 But hey, today is International Self-Care Day for real and it's still important to take care of ourselves. So let's do this together. #InternationalSelfCareDay #WorldSelfCareDay #SelfCareDay #SelfCare #osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
