Posts by nintegge@post.lurk.org
 (DIR) Post #AFZVMXwEVeEzwhIPtg by nintegge@post.lurk.org
       2022-01-17T17:40:38Z
       
       0 likes, 0 repeats
       
       @rra @neauoire @cblgh @l03s I would also be in if that is of help
       
 (DIR) Post #AFZVMYMSw7DzG3ZMmm by nintegge@post.lurk.org
       2022-01-17T17:47:10Z
       
       0 likes, 0 repeats
       
       @rra @neauoire @cblgh @l03s here is a pad to start weaving a text: https://pad.riseup.net/p/Uxn-limits-paper-2022
       
 (DIR) Post #AG45Xiadw4VY9Td4xk by nintegge@post.lurk.org
       2022-02-02T11:37:16Z
       
       0 likes, 0 repeats
       
@wolf480pl 1. Have an inventory of your software in use (and who is responsible for it), 2. Fetch the new CVEs via RSS, 3. Match against your inventory and notify people if need be. This is how I did it.
       
 (DIR) Post #AG4D9do0YvFLt1AE0e by nintegge@post.lurk.org
       2022-02-02T13:02:34Z
       
       0 likes, 0 repeats
       
       @wolf480pl in general or relevant ones?
       
 (DIR) Post #AG4HlXaJTwdXqjcXho by nintegge@post.lurk.org
       2022-02-02T13:54:13Z
       
       0 likes, 0 repeats
       
       @wolf480pl about five a day.
       
 (DIR) Post #AG4bIsiDqiqs3pvpRY by nintegge@post.lurk.org
       2022-02-02T17:32:43Z
       
       0 likes, 0 repeats
       
@wolf480pl there is a person in charge of handling vulnerabilities. Mind you, the organisation I worked for had about a hundred people of technical staff. So you will have different levels of maturity handling security issues.
       
 (DIR) Post #AG4bRA8svdzkR5Lriy by nintegge@post.lurk.org
       2022-02-02T17:34:40Z
       
       0 likes, 0 repeats
       
       @wolf480pl don’t focus too much on the numbers. Have an inventory of your tech stack and you have a good basis to work from. The rest can be tacked on top as the need arises.
       
 (DIR) Post #AG4gXEm77IyUJQPtTc by nintegge@post.lurk.org
       2022-02-02T18:31:47Z
       
       0 likes, 0 repeats
       
@wolf480pl @lanodan well, if you have that mess of a dependency tree and can’t handle it, then the org can’t securely develop and/or provide software. If you are the person with whom this bucket stops, then escalate to management. If security is something of significance to them, then they should give you appropriate resources. Otherwise it is a sinking ship as pointed out.
       
 (DIR) Post #AG4i932NJ0mcrncFvs by nintegge@post.lurk.org
       2022-02-02T18:49:48Z
       
       0 likes, 0 repeats
       
@wolf480pl @lanodan I recommend trying, because then you have data (tailored to your org). I advise picking the most valuable application/docker image (in terms of making money) and trying to track all CVEs related to it. There the inventory is small and filtering becomes easier to automate.
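
The three-step loop described a few posts up (inventory, fetch the CVE feed, match and notify) and the advice here to start with a small inventory for one application or image, as an added example that is not the poster's own tooling. The RSS feed text, the CVE identifiers in it and the inventory are all constructed placeholders; a real feed's item layout will differ, so the parser is written against a plain RSS 2.0 `item/title/description/link` shape and should be adapted to whatever feed you actually subscribe to.

```python
"""Match CVE feed entries against a software inventory and group notifications per owner.

Added example, not the poster's own tooling. The feed below is a constructed
RSS 2.0 sample; the CVE ids are placeholders, not real advisories.
"""
import re
import xml.etree.ElementTree as ET

# Constructed inventory: product name (lower-case) -> owner to notify.
# Keep it small at first, e.g. only the components of your most valuable image.
INVENTORY = {
    "nginx": "web-team@example.org",
    "openssl": "platform-team@example.org",
    "postgresql": "dba-team@example.org",
}

# Constructed sample feed (placeholder ids and links, not real data).
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
  <item>
    <title>CVE-0000-00001 nginx: placeholder entry</title>
    <description>Placeholder issue in nginx before 0.0.1.</description>
    <link>https://cve.example.invalid/CVE-0000-00001</link>
  </item>
  <item>
    <title>CVE-0000-00002 OpenSSL: placeholder entry</title>
    <description>Placeholder issue affecting OpenSSL 0.x.</description>
    <link>https://cve.example.invalid/CVE-0000-00002</link>
  </item>
  <item>
    <title>CVE-0000-00003 someotherproduct: unrelated entry</title>
    <description>Not in our inventory; should be filtered out.</description>
    <link>https://cve.example.invalid/CVE-0000-00003</link>
  </item>
</channel></rss>
"""

CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_feed(xml_text):
    """Return (cve_id, title, description, link) tuples from RSS 2.0 text."""
    root = ET.fromstring(xml_text)
    entries = []
    for item in root.iter("item"):
        title = (item.findtext("title") or "").strip()
        desc = (item.findtext("description") or "").strip()
        link = (item.findtext("link") or "").strip()
        m = CVE_ID.search(title) or CVE_ID.search(desc)
        entries.append((m.group(0) if m else None, title, desc, link))
    return entries


def match_inventory(entries, inventory):
    """Match entries to inventory products by whole-word, case-insensitive name."""
    hits = []
    for cve, title, desc, link in entries:
        text = f"{title} {desc}".lower()
        for product, owner in inventory.items():
            # Whole-word match avoids e.g. "ssl" matching "openssl" or vice versa.
            if re.search(rf"\b{re.escape(product)}\b", text):
                hits.append({"cve": cve, "product": product, "owner": owner, "link": link})
    return hits


def notifications(hits):
    """Group matched CVE ids per owner so each responsible person gets one message."""
    by_owner = {}
    for h in hits:
        by_owner.setdefault(h["owner"], []).append(h["cve"])
    return by_owner


if __name__ == "__main__":
    found = match_inventory(parse_feed(SAMPLE_FEED), INVENTORY)
    for owner, cves in notifications(found).items():
        print(f"notify {owner}: {', '.join(cves)}")
```

In a scheduled job you would replace `SAMPLE_FEED` with the body fetched from the feed URL and remember which ids were already reported, so people are only pinged once per CVE; name matching on free text is deliberately coarse, and a version-aware match against an SBOM is the next refinement once the basic loop runs.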
       
 (DIR) Post #AGskedY3jFXdhwKktM by nintegge@post.lurk.org
       2022-02-26T20:11:41Z
       
       0 likes, 0 repeats
       
@Seirdy what about the results in “post quantum cryptography” like https://pqcrypto.org or https://openquantumsafe.org ?
       
 (DIR) Post #AScS6JTtyy47bd8afo by nintegge@post.lurk.org
       2023-02-12T23:55:23Z
       
       0 likes, 0 repeats
       
       @tante chapeau!
       
 (DIR) Post #AYAE0jo7GxlUnFiMLY by nintegge@post.lurk.org
       2023-07-28T20:16:15Z
       
       0 likes, 0 repeats
       
       @simon good point 🤔 it should be an expression of algorithmic empathy