#securebydesign — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #securebydesign, aggregated by home.social.
-
Unnecessary complexity makes products hard to maintain and hard to secure. Modern apps such as Cloudflare's EmDash and Tailscale show that designing for simplicity produces stronger security as a side effect.
-
Built with hardened defaults for users who take privacy seriously.
Whonix delivers anonymity and security you can rely on.
#Whonix #PrivacyFirst #Anonymity #SecureByDesign #CyberSecurity #DigitalPrivacy
-
Great read for tech leaders exploring shift-left security and new IT operating models. Join the discussion and share your view on early security adoption. #DigitalTransformationLeadership #CIOpriorities #EmergingTechnologyStrategy #ITOperatingModelEvolution #DataDrivenDecisionMakingInIT #ShiftLeft #SecureByDesign #LeadershipInTech
https://www.linkedin.com/pulse/shifting-left-embedding-security-development-sanjay-k-mohindroo--penac
-
🚀 NEW on We ❤️ Open Source 🚀
SBOMs are the foundation of a more secure open source ecosystem. Alan Pope shows how Syft & Grype help you inventory & scan your software for vulnerabilities—fast, locally, and openly.
https://allthingsopen.org/articles/sbom-open-source-security-syft-grype
#WeLoveOpenSource #SBOM #OpenSourceSecurity #Syft #Grype #FOSS #DevSecOps #SecureByDesign
-
Case matters, folks. 🫠
#Linux #FOSS #Terminal #OpenSource #Bash #CommandLine #TechHumor #TechMeme #Humor #Meme #SysAdmin #System #Privacy #InfoSec #CyberSecurity #LinuxLife #LinuxGaming #Shell #DevLife #Dev #Development #CLI #LinuxCommunity #SecureByDesign #Ubuntu #TechNews #Wayland #DevOps #SelfHosting #ArchLinux #Debian #LinuxAdmin #LinuxTips #LinuxMint #Fedora #PopOS #GNULinux #CloudComputing #GNU #BSD #FreeBSD #OpenBSD
-
Is Node.js the future of backend development, or just a beautifully wrapped grenade?
Lately, I see more and more backend systems, yes, even monoliths, built entirely in Node.js, sometimes with server-side rendering layered on top. These are not toy projects. These are services touching sensitive PII data, sometimes in regulated industries.
When I first used Node.js years ago, I remember:
• Security concepts were… let’s say aspirational.
• Licensing hell due to questionable npm dependencies.
• Tests were flaky, with mocking turning into dark rituals.
• Behavior of libraries changed weekly like socks, but more dangerous.
• Internet required to run a “local” build. How comforting.
Even with TypeScript, it all melts back into JavaScript at runtime, a language so flexible it can hang itself.
Sure, SSR and monoliths can simplify architecture. But they also widen the attack surface, especially when:
• The backend is non-compiled.
• Every endpoint is a potential open door.
• The system needs Node + a fleet of dependencies + a container + prayer just to run.
Compare that to a compiled, stateless binary that:
• Runs in a scratch container.
• Requires zero runtime dependencies.
• Has encryption at rest, in transit, and ideally per-user.
• Can be observed, scaled, audited, stateless and destroyed with precision.
I’ve shipped frontends that are static, CDN-delivered, secure by design, and light enough to fit on a floppy disk. By running them with Node, I’m loading gigabytes of unknown tooling to render “Hello, user”.
So I wonder:
Is this the future? Or am I just… old?
Are we replacing mature, scalable architectures with serverless spaghetti and 12-factor mayhem because “it works on Vercel”?
Tell me how you build secure, observable, compliant systems in Node.js.
Genuinely curious.
Mildly terrified and maybe old.
#NodeJS #BackendSecurity #SecureCoding #PII #Compliance #SoftwareArchitecture #ServerSideRendering #TypeScript #Java #Kotlin #Golang #Erlang #Ruby #Scalability #Observability #DevSecOps #LegacyVsModern #SecureByDesign #CompiledLanguages #CloudArchitecture #StatelessDesign #SecurityTheatre #TechSatire #LinkedInTechRant
-
Putting the dampener on tamperers – Source: news.sophos.com https://ciso2ciso.com/putting-the-dampener-on-tamperers-source-news-sophos-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Products&Services #tamperprotection #securebydesign #SecurebyDesign #nakedsecurity #nakedsecurity
-
🕯️ Behind the Code: Why Open Source Matters for Small Business Survival #OpenSource #Cybersecurity #SmallBusinessSecurity #DigitalFreedom #TransparentTech #PrivacyMatters #SecureByDesign #FOSS #InfoSec #SecurityAwareness #DataProtection #ZeroTrust #AuditTheCode #OpenSourceSecurity #TrustButVerify #TechTransparency #MatrixProtocol #Passbolt #Bitwarden #Nextcloud #OpenSourceTools #SecurityFirst #DigitalSovereignty #TechEthics #SecurityForAll
-
Whispers in the Wire: Cybersecurity for Small Businesses in a World of Big Threats #Cybersecurity #SmallBusinessSecurity #DigitalDefense #ITSecurity #OpSec #CyberHygiene #DataProtection #InfoSec #PhishingAwareness #MFA #Backups #PasswordSecurity #OpenSourceSecurity #RansomwareProtection #DeadSwitch #TomsITCafe #PrivacyMatters #ThreatIntel #CyberResistance #SecureByDesign
-
CII: what kind of beast is it, and should we be afraid of it?
Hi everyone! My name is Elena Galata. Today I would like to talk about what CII (critical information infrastructure) is and how this concept relates to companies that develop industrial software. I have been in software development for many years, and lately I have been working on applications mostly related to collecting data from various instruments, industrial process control systems, and other enterprise information systems. Since our components quite often run in our customers' critical infrastructure zone, the topic of CII is close to me. In itself it is a fairly broad and complex field, but I would like to touch on a small part of it that concerns software development.
https://habr.com/ru/companies/zyfra/articles/866230/
#информационная_безопасность #кии #securebydesign #критическая_инфраструктура #уязвимости #безопасная_разработка #безопасность #разработка_по #кибербезопасность #кибератаки
-
Australia’s ACSC and ASD Team Up with CISA, NSA, FBI, and International Allies to Protect Communications Infrastructure – Source:cyble.com https://ciso2ciso.com/australias-acsc-and-asd-team-up-with-cisa-nsa-fbi-and-international-allies-to-protect-communications-infrastructure-sourcecyble-com/ #rssfeedpostgeneratorecho #1CyberSecurityNewsPost #rssfeedsAutogenerated #CyberSecurityNews #hardeningguidance #securebydesign #Vulnerability #CybleBlog #'Cyber #ACSC #CISA #ASD #FBI #NSA
-
Australia’s ACSC and ASD Team Up with CISA, NSA, FBI, and International Allies to Protect Communications Infrastructure https://cyble.com/blog/global-agencies-release-new-hardening-guidance/ #hardeningguidance #securebydesign #Vulnerability #ACSC #CISA #ASD #FBI #NSA
-
AI Red Teaming in Focus: Why CISA Advocates a Secure by Design Approach https://thecyberexpress.com/cisa-ai-red-teaming/ #TheCyberExpressNews #CyberEssentials #AITEVVframework #AIbasedsoftware #TheCyberExpress #SecurebyDesign #FirewallDaily #AIevaluations #TEVVpractices #AIRedTeaming #AIsecurity #CyberNews #AIsystems #CISA
-
Product Security Bad Practices
A Bit of Security for October 25, 2024
The CISA and FBI jointly released a list of Ten Bad Ideas to avoid when you write code. Listen to this - https://www.youtube.com/watch?v=D33p6J3fneU&list=PLL-4otqezHCGah_UWr6FjSdYhvgKqByLF&index=1
Let me know what you think in the comments below.
#cybersecuritytips #safecode #CIE #securebydemand #securebydesign #badcode #BitofSec