🔒 The opportunity: application threat modeling & secure design review is one of the highest value appsec/prodsec activities, but is hard to implement efficiently and at scale.
A bad solution: provide a long list of controls that need to be checked each time
A better solution: generate relevant security requirements automatically based on what’s being built
Met with primesec yesterday, and this is what they are trying to do! They are using LLM to read what’s in your user stories (etc.), summarizing the work for the security team, and injecting specific security control requirements.
If this catches even a small portion of the real requirements, it would be a major uplift for teams both from a security and efficiency perspective. Looking forward to checking it out.
My driver’s favorite (?) jam came on and he started pumping the break pedal to to the music.
At least we were at a stoplight?
(It was “Gonna Make You Sweat” aka “Everybody Dance Now” by C&C Music Factory)
🔒 Met with the folks from Pangea yesterday.
Looks like it could be an interesting solution for:
- small developer orgs that don’t have time or expertise to deal with common security needs
- large developer orgs that need consistency, scale, and governance of their security capabilities
🔒 Just left Silicon Valley Bank.
Did not know they still existed!
Are there micro.blog themes well-suited to the single-page sites?
(E.g. use the “site title” instead of my username, don’t try to add a “follow on micro.blog” etc.)
Do the right thing
Even if other people don’t
h/t [@ayjay](https://micro.blog/ayjay)“Content Creator” is a title that inadvertently tells on itself. It’s a tacit admission that the nature of the “content“ is meaningless and it exists to fill space. Might as well call yourself “Stuff Maker” or “Thing Doer.”
I’m at AppSec San Francisco this week.
Mute that “🔒” tagmoji if you don’t want to hear about it.
Send me a message if you want to meet up.
Vision Zero in Indianapolis is not off to a good start. Per the ordinance, the Vision Zero Task Force was supposed to hold their first (public) meeting by October 1st. Imagine our surprise when we learned that the Task Force met yesterday, in private instead. Not only that, but the members of the Task Force are still unknown as they have not yet been announced.
We demand transparency from the Vision Zero Task Force.
#IndyPedestrianSafetyCrisis #Indianapolis #Indiana #HoosierMast #HoosierSocial
I will never not find it funny when soft drink dispensers have Ice-T and Ice Cube jokes.
Ok, our extended family is probably 1% of this. How about you?
H/T Dense Discovery
Have you ever had a surge protector sort of die?
A number of our devices connected to one stopped being powered, but the protector itself still had it’s “go” light on.
🎶 This year’s “goodbye summer” selection: American Arson - The Water Will Rise
Heading to Mounds for the Equinox! 🌚🌞
So much critter activity on the outdoor camera last night. I think they liked the rain!
🎲 newest addition to the “cool cloth-bound RPG books” collection: Ave Nox
Unfortunately the logo is not centered, but otherwise very rad.
🚲 notes:
- I’ve been commuting on the Monon enough that I’m starting to recognize people
- Today was the first day of significant “leaf crunch” while I rode
I think this is the first major iOS update where my battery life got better instead of worse.
