home.social

#securitybydesign — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #securitybydesign, aggregated by home.social.

  1. A refreshingly balanced assessment of Anthropic's generative LLM Mythos, which is trained to find security vulnerabilities. Somewhere between disaster porn and the usual ignoring, this could be the wake-up call to finally take IT security and Security by Design seriously. derstandard.de/story/300000031

    #ITSicherheit #SecurityByDesign #Mythos

  2. 🇪🇺📢 As #ChatControl will hopefully end, a new study proves mass scanning tech is flawed & easily evaded. 🔬

    To truly protect kids now, we must shift from broken algorithms to targeted police work 🕵️‍♂️ and strict #SecurityByDesign 🛡️.

    Read: patrick-breyer.de/en/end-of-ch

  3. 🇩🇪📢 A new study, fitting the possible end of #Chatkontrolle: mass scanning technology is flawed and easy to circumvent. 🔬

    To really protect children now, we need targeted investigations 🕵️‍♂️ and secure apps #SecurityByDesign 🛡️.

    Info: patrick-breyer.de/ende-der-cha

  4. Mi-Co: anatomy of security at the most complex Olympics ever: by Ilaria Garaffoni. Milano-Cortina 2026 is not just a monster event: it is an experiment in organisational, territorial and integrated security engineering. In this construction site of complexity - made of cities that never sleep, trade fairs that follow one another, mountains that forgive nothing and diverse infrastructures...
    #Mi-Co #security #olimpiade #IlariaGaraffoni #securitybydesign dlvr.it/TQtssz

  6. 🏋️ NorthSec 2026 Trainings (2/12): "Beyond Whiteboard Hacking: Master AI-Enhanced Threat Modeling" by Steven Wierckx (Toreon)

    📅 Dates: May 11 and 12, 2026 (2 days)
    📊 Difficulty: Medium
    🖥️ Mode: On-Site

    Description: "This training takes you deep into the practical world of threat modeling, combining hands-on exercises and real-world scenarios. This hands-on threat modeling training offers an immersive experience, grounded in 25 years of practical expertise, and refined for over a decade of delivery at Black Hat, avoiding a lecture-heavy approach (70% of the course is focused on exercises to reinforce learning). By the end of this training, you will walk away not just with knowledge, but the ability to practice threat modeling effectively in your organization."
    🔗 Full Training Details: nsec.io/training/2026-beyond-w

    👨‍🏫 About the trainer:
    Steven Wierckx (Toreon) is a seasoned software and security tester with 15 years of experience in programming, security testing, source code review, test automation, functional and technical analysis, development, and database design. Steven shares his web application security passion by writing about and through training on testing software for security problems, secure coding, security awareness, security testing, and threat modeling. He’s the OWASP Threat Modeling Project Lead and organises the BruCON student CTF. Last year, he spoke at Hack in the Box Amsterdam, hosted a workshop at BruCON, and provided threat modeling training at OWASP AppSec USA and O’Reilly Security New York.

    #NorthSec #cybersecurity #threatmodeling #AIsecurity #LLM #DevOps #securitybydesign

  7. Serverless SaaSless Networking: Building the Future Today

    In the realm of serverless SaaSless networking, an architect doesn’t have to work in concrete. Some of us design networks.

    Right now, the work I care about most is serverless, SaaSless networking: systems that run without a central point of truth and without a compulsory platform sitting in the middle. In other words, this approach builds the future today by making infrastructure that survives churn, pricing shifts, policy drift, and the sudden disappearance of a dependency everyone assumed would last forever.

    Privacy follows from that choice. When the architecture stops funneling everything through a choke point, surveillance becomes harder, leakage becomes less likely, and “quiet repurposing” becomes far less tempting.

    Cloud still has a place. However, forced dependence creates fragility.

    A product that requires permanent permission from a third party isn’t really a product. Instead, it becomes a subscription to someone else’s stability.

    What “serverless” and “SaaSless” mean in this context

    Marketing turned “serverless” into a synonym for “someone else runs servers.” That model works for plenty of teams, yet it misses the deeper principle.

    In this context, serverless means the network does not rely on a central server as the point of truth. Peers should discover each other, authenticate, exchange data, and recover without routing everything through a single authority.

    Likewise, SaaSless means the core capability does not depend on an always-on subscription platform. Basic function should not sit behind tiers. Data should not live inside a proprietary dashboard with no clean exit. When a vendor can throttle, cut off, or reshape capability through closed APIs, control disappears.

    That’s where architecture matters. It draws the line between a tool you own and a leash you tolerate.

    A better metaphor than “roads versus theme parks” is public roads versus toll roads.

    Public roads act as infrastructure. Anyone can use them, routes stay flexible, and no single company gets to decide who is allowed to travel. Toll roads can help too, but the experience changes the moment a gate sits in the middle. Then prices rise, rules shift, and access tightens. As a result, the journey starts depending on the operator’s incentives instead of the traveler’s needs.

    That’s what SaaS-by-default networking creates. Movement still happens, but the gatekeeper sets the terms.

    Why privacy becomes inevitable once the choke point disappears

    Centralization attracts data. Then data attracts risk. Over time, risk becomes a breach email full of regret.

    A privacy-first system takes a quieter path. It collects less, retains less, processes closer to the user, and reduces the number of places sensitive material can leak or be copied. Because of that, teams earn trust through engineering, not performance.

    People don’t experience their lives as “data.” They experience messages, drafts, searches, locations, relationships, and decisions. So systems should treat those things with the seriousness they deserve.

    Web3 identity, without the hype cycle

    Web3 marketing created a mess, and the noise turns people off. Still, user-owned identity remains practical.

    Most online identity works like a rental. Access can vanish. History can lock up. A policy change can turn an account into a liability overnight.

    User-owned identity flips that relationship. A cryptographic anchor under the user’s control changes authentication from permission to proof. Additionally, it supports delegation, roles, and verification in ways auditors can check.

    If a network aims to outlive trends, it needs identity built on owned ground, not rented ground.

    Localized AI completes the design

    Localized AI makes the whole approach feel coherent.

    Privacy-first design does not pair well with exporting sensitive prompts to third-party model APIs by default. Instead, running models on-device, on-prem, or inside controlled infrastructure keeps private inputs inside a boundary you can actually defend.

    The practical benefits show up fast. You get lower latency, predictable costs, and fewer moving parts. You also reduce exposure to training pipelines you cannot properly audit. Most importantly, the boundary stays intact, and thought stays close to home.

    For that reason, localized AI belongs in the architecture, not as a bolt-on feature.

    The future worth normalizing

    Here’s the normal worth building:

    • Identity stays portable.
    • Data stays minimal and encryptable.
    • Networks keep functioning when vendors disappear.
    • AI runs locally for sensitive workflows.
    • Audit trails stay verifiable, not vibes.

    None of this requires utopian thinking. Instead, it requires disciplined engineering.

    Call to action

    Pick one place in your stack where a platform sits in the middle by default.

    Then run three questions against it:

    1. Can you remove the dependency without breaking the core function?
    2. Can you keep sensitive data inside your boundary?
    3. Can users prove identity without renting it?

    A single “yes” signals progress. Two points to direction. Three makes the future arrive early.

    Privacy First. Security Always. Not as branding. As architecture.

    If this resonates, share it with someone who builds systems for real users. Also, drop a comment with the one dependency you’d love to remove in 2026, or the one privacy-first change you plan to ship first. I read the replies and I’ll respond.

    Key Takeaways

    • Serverless SaaSless networking eliminates reliance on central authorities, allowing autonomy and privacy in data management.
    • This architecture minimizes risk by decentralizing data collection and reducing points of possible leakage.
    • User-owned identity enhances security, transforming authentication from permission-based to proof-based.
    • Localized AI integration ensures sensitive data remains secure and allows for efficient processing without third-party dependencies.
    • The article encourages assessing existing platform dependencies to foster a more privacy-focused and resilient system architecture.

    #auditTrails #autonomy #decentralizedIdentity #DID #edgeAI #encryption #localizedAI #metadataPrivacy #onDeviceAI #platformlessNetworking #privacyFirst #resilience #securityByDesign #serverlessSaaSlessNetworking #VerifiableCredentials #Web3Identity

  8. Computer Security Day 2025: Fraunhofer FOKUS and the @Weizenbaum_Institut emphasise digital resilience for the state, the economy & society. Cyberattacks and regulation require #SecurityByDesign and cooperation between all actors: ➡️ fokus.fraunhofer.de/de/newsroo

    #Cybersecurity #Cybersicherheit #SecurityByDesign

  9. Interview with the Curators of the New CPSA-A Module EMBEDDEDSEC! 🔐

    We spoke with Felix Bräunling and Isabella Stilkerich about the new Advanced Level module #EmbeddedSecurity for Architects. They share why embedded security matters, how safety and security intersect, and which skills architects need to design secure embedded systems.

    Dive into the full interview 👉 t1p.de/k3rzl

    #CPSA #AdvancedLevel #SoftwareArchitecture #EMBEDDEDSEC #SecurityByDesign #EmbeddedSystems #iSAQB

  14. The #Denkwerkstatt2025 is just around the corner! Discuss the future of #Cybersicherheit with us and decide on the new workstreams. The basis: 12 idea sketches, two of which will be turned into agile projects. The range extends from #ThreatIntelligence for the public sector, via #ZeroTrust at universities, to #SecurityByDesign in #KI. Join us in Berlin on 14 and 15 November. 👉 dialog-cybersicherheit.de/denk

    #DiCySi

  19. Cybersecurity specialist Exein partners with Kontron to embed autonomous protection into industrial and IoT systems— two European tech companies joining forces just as the EU Cyber Resilience Act raises the bar for #SecurityByDesign.

    A big step toward digital sovereignty and resilience in connected industries.
    🔗 movetheneedle.news/technology/

    #Cybersecurity #DigitalSovereignty #EU #technology #business #industry

  20. Tara from Sovereign Tech Agency and Hugo will be hosting the next 'Memory Safety in the EU' meeting in Amsterdam, on Tue 26 Aug (during ).

    The meeting aims to finalise a statement on the importance of memory safety for security by design. This is a joint effort by several European stakeholders to put memory safety on the agenda of both industry and policy makers.

    Read more here: tweedegolf.nl/en/blog/160/upda

    @tarakiyee
    @sovtechfund

  21. 🔐 Connected devices and cybersecurity: many smart-home products have serious security gaps, e.g. weak passwords or unencrypted data transmission. New EU radio equipment rules from 1 August are meant to tighten the standards. Retailers & consumers are called upon! 👉 srf.ch/sendungen/kassensturz-e #Cybersicherheit #SmartHome #SecurityByDesign #IoT #newz

  22. One of our founding directors, Mike Eftimakis, sat down with Akshaya Asokan from Information Security Media Group (ISMG) to explore how CHERI is helping tackle one of cybersecurity’s biggest challenges: memory safety.

    CHERI (Capability Hardware Enhanced RISC Instructions) is a hardware-based approach to security, designed to prevent around 70% of today’s common vulnerabilities. Backed by industry leaders and the UK government, we're working to ensure global adoption across the electronics supply chain.

    Watch the interview to learn more about:

    💠 How CHERI addresses memory safety issues
    💠 Common hardware supply chain vulnerabilities
    💠 Progress on adoption by chipmakers
    💠 Scalability challenges associated with CHERI

    🎥 Watch the full interview: bankinfosecurity.com/uks-cheri

    #CHERI #CyberSecurity #HardwareSecurity #MemorySafety #SecurityByDesign #InfoSec

  23. 🔧 Right to repair, but not to fix security?

    Framework’s philosophy empowers users to open, upgrade, and repair their devices. But with great openness comes a security catch.

    On the Framework 13, pressing the chassis intrusion switch 10 times resets the BIOS, removing passwords, Secure Boot, and more.

    We flagged this to Framework. Their response?
    "It's a feature..."

    That’s risky. This reset might help with recovery, but it also hands an attacker physical access to critical settings.

    Kieran explains the issue, what this means for security, and how to protect your device.

    📌Read here: pentestpartners.com/security-b

    #RightToRepair #HardwareSecurity #FrameworkLaptop #BIOSReset #SecurityByDesign #CyberSecurity

  24. Are Web Components & Cybersecurity A Better Combo?

    I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.

    But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?

    Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?

    ---

    Quick context: I've got a #ReactJS #messagingApp (repo here: github.com/positive-intentions) and a separate #UIFramework (repo here: github.com/positive-intentions) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.

    FYI, same question's on Reddit here: reddit.com/r/ExperiencedDevs/c, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.

  29. Threat modeling helps you spot risks early, before they become a problem. Ask yourself during design: What can go wrong? Who could attack? That is how you get software that not only works but protects.

    Based on: "Threat Modeling" by Adam Shostack.
    #SecurityByDesign #ThreatModeling

  30. 🌍⚡ IT security in complex large-scale projects – talk at the WINDFORCE Conference 2025

    We are pleased that our colleague Jan Grotelüschen will speak together with Simon Gustafson, Information Security Manager at Amprion GmbH, at the WINDFORCE Conference in Bremerhaven! 🎤

    📅 Date: 18 June 2025
    ⏰ Time: 9:30 – 10:30 (talk duration: 20 minutes)
    📍 Topic block: KRITIS

    🔎 Topic of the talk:
    "Aspiration and reality: IT security in complex large-scale projects, using a practical example"
    Using the offshore projects BorWin/DolWin-4 as well as BalWin-1 and -2 as examples, the speakers give a practical insight into the challenges and lessons of IT security in large-scale projects.

    🏗️ Focus of the talk:
    ✅ Overview of the relevant IT security regulations (EU-wide & national)
    ✅ Regulatory requirements for operators, manufacturers and integrators
    ✅ Insight into NIS-2, RCE, CRA, IT-SiG 2.0
    ✅ Lessons learned from the phases: preparation, tendering, design & implementation

    🔗 More about the WINDFORCE Conference: windforce.info/windforce-2025/

    We look forward to lively discussions and exchange with fellow professionals!

    #ITSecurity #CyberSecurity #KRITIS #Energieinfrastruktur #OffshoreProjekte #NIS2 #ITSicherheitsgesetz #CyberResilience #Großprojekte #Amprion #Windforce2025 #Digitalisierung #ITCompliance #Energieversorgung #SecurityByDesign #Regulatorik #LessonsLearned

  32. ICYMI: “Every TWINSCAN EUV ships with ~45 million lines of code […] Bugfixes and features start out as *word documents* sent to a series of review boards…”

    Remember, kids: all this security nightmare can be fixed through the simple act of regulators demanding that security be implemented “by design”.

    Or not. Because “security by design” doesn’t mean anything.

    These are the machines which fabricate all the world’s major CPUs:

    https://twitter.com/lauriewired/status/1915162540868596081

    #bugs #securityByDesign #softwareEngineering

  33. It is up to manufacturers and developers to strengthen cyber resilience in Germany and Europe. As the BSI, we support you with the #CyberResilienceAct. Further information on the #CRA is provided by the current report on the state of IT security in Germany: ➡️ bsi.bund.de/Lagebericht, as well as by our website ➡️ bsi.bund.de/dok/CRA, which also leads to the guidance documents.

    #LageKennenResilienzStärken #CybernationDeutschland #CRA #SecurityByDesign #SecurityByDefault

  34. We were part of the 5G.NRW annual conference. 🙌 Experts from research, industry and politics came together to discuss the opportunities and challenges of #5G and #6G.

    In her keynote, our President Claudia Plattner placed a clear focus on #Cybersecurity, resilience and sovereignty: we urgently need #SecuritybyDesign; only then can we create a future-proof and trustworthy digital infrastructure that serves all of us sustainably.

  35. Event tip: #CRA - which essential requirements must products with digital elements meet under the Cyber Resilience Act? Our expert Steven Arzt gives an overview in the #LunchLecture on 3 July from 12:00 to 12:30.
    For manufacturers, product developers and everyone interested in the Cyber Resilience Act.

    Register here free of charge 👉 athene-center.de/aktuelles/ver
    #SecurityByDesign #CRA #LunchLecture

  40. Security (b)log: Flag-waving
    On TV you can laugh at people who hit the ground because of a mistake. Do we pull off that kind of stunt too?
    #SecurityByDesign #fouten

    GBBW: criticism of Microsoft | backups even more important | hacker paralysed an entire country | more
    securityblogpatrick.blogspot.c