@patrickcmiller Ban Virtual Machines and Containers.
Notices by Matt Franz (mdfranz@infosec.exchange)
-
Embed this notice
Matt Franz (mdfranz@infosec.exchange)'s status on Tuesday, 12-Mar-2024 19:58:31 JST Matt Franz
-
Embed this notice
Matt Franz (mdfranz@infosec.exchange)'s status on Tuesday, 26-Dec-2023 11:23:09 JST Matt Franz
@dalias @alecmuffett @dave_aitel "ocean of garbage" meaning the code and services you (or your team) didn't write? Or the underlying cloud infrastructure your service depends on that has limited control over? Or upstream/downstream services?
-
Embed this notice
Matt Franz (mdfranz@infosec.exchange)'s status on Tuesday, 26-Dec-2023 11:19:13 JST Matt Franz
@dalias @alecmuffett @dave_aitel I have a SaaS bias, but many vulnerabilities are cross component often because so few security folks understand the end to end an full stack view—or security functions are delegated to another component.
-
Embed this notice
Matt Franz (mdfranz@infosec.exchange)'s status on Tuesday, 26-Dec-2023 11:19:11 JST Matt Franz
@alecmuffett @dalias @dave_aitel That (well-intentioned) nonsense would never survive in any commercial product company where the bar for delivery is "mostly works most of the time" with a bare minimum of somewhat tested and in CI/CD as the happy path.
-
Embed this notice
Matt Franz (mdfranz@infosec.exchange)'s status on Tuesday, 26-Dec-2023 11:17:45 JST Matt Franz
@dave_aitel I guess I’ve been in security (and product companies) too fucking long to believe that is even possible.