I started my certification journey quite late in my career. I followed the top certified folks on LinkedIn for a while to see if I could learn from their stengths as also mistakes. Some of the questions which I am looking to answer :

For a data format, yaml is extremely complicated. It aims to be a human-friendly format, but in striving for that it introduces so much complexity, that I would argue it achieves the opposite result. Yaml is full of footguns and its friendliness is deceptive.…

Do you know which format for generating a software bill of materials (SBOM) is the best option for your organization? A look at the two leading standards.

Every sufficiently advanced configuration language is the wrong tool for the job.

For basic configuration, YAML or JSON is usually good enough. It falls apart

How reliable was GitHub in 2022? Which features are less reliable? We have analyzed GitHub outages and found which features are the most unreliable.

The following think piece, written by Snyk’s Open Source and Open Standards Strategy Director, Daniel Appelquist, examines the origin of the term “supply chain security” and whether it’s a good fit for today’s open source software development process.

In fall 2022, Trail of Bits audited cURL, a widely-used command-line utility that transfers data between a server and supports various protocols. The project coincided with a Trail of Bits maker week, which meant that we had more manpower than we usually…

The real investment is how fast you get there

Cross-platform client for PostgreSQL databases. Contribute to sosedoff/pgweb development by creating an account on GitHub.

Easy NodeJS containers. Contribute to thesayyn/no development by creating an account on GitHub.

A tour of ProjectDiscovery's less-known public tools, and how to use them by @pry0cc


Introduction

For those unaware, ProjectDiscovery is a group of talented hackers and creators that have massively disrupted the offensive tooling industry by creating tooling…

Steve Springett, Chair of the CycloneDX Core Working Group, previews new features and functionality that will be added to CycloneDX versions 1.5 and 1.6.

### Learn More

On-Demand Webinar: Understanding and Using the CycloneDX Standard - https://www.bri…

Imagine a regression bug in your production system! We need a constant reminder that your production system is working as expected.

tl;dr: You can now pass an IAM role to every EC2 instance in your account + region.

When describing mitigations to supply chain security incidents, it helps to categorize how different incidents may be initiated. Based on the category, different mitigation strategies are more like…

Ian uses the Gartner Pyramid visualisation to talk about one of the biggest mistakes made in Cloud Native transformation strategies