Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://hachyderm.io/users/shortridge/statuses/112813032900769755">Kelly Shortridge (shortridge@hachyderm.io)'s status on Monday, 22-Jul-2024 22:42:25 JST</a><a href="https://hachyderm.io/@shortridge" title="shortridge@hachyderm.io"><img src="https://gnusocial.jp/avatar/110096-48-20230329094233.webp" width="48" height="48" alt="Kelly Shortridge" style="position: absolute; left: 0; top: 0;">Kelly Shortridge</a><div><a href="https://hachyderm.io/@shortridge/112813022742284016" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p>this is why I’ve side eyed any federal document about software <a href="https://hachyderm.io/tags/security" rel="tag">#security</a>, quality, or <a href="https://hachyderm.io/tags/resilience" rel="tag">#resilience</a> that demonizes open source software while touting the virtues of commercial cybersecurity products</p><p>as if those products aren’t notorious for deep access + flimsy quality…</p><p>I’ve written about this concern in two separate RFIs to CISA et al (with co-conspirator <a href="https://hachyderm.io/@rpetrich">@rpetrich</a>)</p><p>1) on OSS security <a href="https://kellyshortridge.com/blog/posts/rfi-open-source-security-response/" rel="nofollow noreferrer">https://kellyshortridge.com/blog/posts/rfi-open-source-security-response/</a></p><p>2) on secure by design <a href="https://kellyshortridge.com/blog/posts/rfi-secure-by-design-response/" rel="nofollow noreferrer">https://kellyshortridge.com/blog/posts/rfi-secure-by-design-response/</a></p><p> <a href="https://hachyderm.io/tags/crowdstrike" rel="tag">#crowdstrike</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3398274#notice-6710644">In conversation</a><time datetime="2024-07-22T22:42:25+09:00" title="Monday, 22-Jul-2024 22:42:25 JST">about 4 months ago</time> <span>from <span><a href="https://hachyderm.io/@shortridge/112813032900769755" rel="external" title="Sent from hachyderm.io via ActivityPub">hachyderm.io</a></span></span><a href="https://hachyderm.io/@shortridge/112813032900769755">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2941590">Untitled attachment</a></label><br></li><li><article><header><div>Domain not in remote thumbnail source whitelist: kellyshortridge.com</div><h5><a href="https://kellyshortridge.com/blog/posts/rfi-secure-by-design-response/">Secure by Design RFI Response from Shortridge Sensemaking LLC</a></h5><div> from <span>Kelly Shortridge</span></div></header><div>This blog post describes our response to CISA’s RFI on Secure by Design and links to the PDF of our comments.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kelly Shortridge (shortridge@hachyderm.io)'s status on Monday, 22-Jul-2024 22:42:25 JSTKelly Shortridge
in reply to
- Ryan Petrich
this is why I’ve side eyed any federal document about software #security, quality, or #resilience that demonizes open source software while touting the virtues of commercial cybersecurity products
as if those products aren’t notorious for deep access + flimsy quality…
I’ve written about this concern in two separate RFIs to CISA et al (with co-conspirator @rpetrich)
1) on OSS security https://kellyshortridge.com/blog/posts/rfi-open-source-security-response/
2) on secure by design https://kellyshortridge.com/blog/posts/rfi-secure-by-design-response/
#crowdstrike
In conversationabout 4 months ago from hachyderm.iopermalink
Attachments
1. Untitled attachment
2. Domain not in remote thumbnail source whitelist: kellyshortridge.com
  Secure by Design RFI Response from Shortridge Sensemaking LLC
  from Kelly Shortridge
  This blog post describes our response to CISA’s RFI on Secure by Design and links to the PDF of our comments.

Public

Embed Notice

HTML Code

Corresponding Notice