Being better informed on security topics
A friend emailed me yesterday saying he was ‘trying to be better informed on security topics’ and asking for suggestions on blogs etc. Here’s my reply… For security stuff first read (or at least skim)...
InfoQ – Docker 1.8 Release with Multiple New Tools
Docker Inc. have announced the release of Docker 1.8, which brings with it some new and updated tools in addition to new engine features. Docker Toolbox provides a packaged system aiming to be, ‘the...
InfoQ – Twistlock Announce General Availability of Container Security Suite
Twistlock have announced the general availability of their Container Security Suite, along with a partnership with Google Cloud Platform that integrates Twistlock into Google Container Engine (GKE)....
InfoQ – Docker Security Scanning
Docker Inc have announced general availability of Docker Security Scanning, which was previously known as Project Nautilus. The release comes alongside an update to the CIS Docker Security Benchmark to...
Asus Tinker Board – First Impressions
My Asus Tinker Board arrived yesterday from CPC, and I did a quick tweet with unboxing photos. Having taken it for a quick test drive here are my first impressions based on running up their Debian...
InfoQ – Cloudbleed – Cloudflare Proxies Memory Leak
A buffer overflow bug has caused a small number of requests to Cloudflare proxies to leak data from unrelated requests, including potentially sensitive data such as passwords and other secrets. The...
Failure of Imagination
The Spectre and Meltdown bugs have been billed as a ‘failure of imagination’, where the hardware designers simply didn’t conceive of the possibility that a performance optimisation might lead to a...
ValidScript – a modest proposal for app security
TL;DR Bad input validation is the main underlying cause of many application security issues, because we haven’t made it easy enough for developers to implement good input validation. So how about a...
Implementing OSSF Scorecards Across a GitHub Organisation
TL;DR OSSF Scorecards provide a visible badge that lets people see that an open source repo is adhering to a set of practices that minimise risks, measured by a set of automated checks. Getting this...