Shakedown Social

CHERI AllianceOne of our founding directors, Mike Eftimakis, sat down with Akshaya Asokan from Information Security Media Group (ISMG) to explore how CHERI is helping tackle one of cybersecurity’s biggest challenges: memory safety.CHERI (Capability Hardware Enhanced RISC Instructions) is a hardware-based approach to security, designed to prevent around 70% of today’s common vulnerabilities. Backed by industry leaders and the UK government, we're working to ensure global adoption across the electronics supply chain.Watch the interview to learn more about:💠 How CHERI addresses memory safety issues 💠 Common hardware supply chain vulnerabilities 💠 Progress on adoption by chipmakers 💠 Scalability challenges associated with CHERI🎥 Watch the full interview: <a href="https://www.bankinfosecurity.com/uks-cheri-alliance-expands-to-global-hardware-supply-chain-a-28942" rel="nofollow noopener" translate="no" target="_blank">https://www.bankinfosecurity.com/uks-cheri-alliance-expands-to-global-hardware-supply-chain-a-28942</a><a href="https://infosec.exchange/tags/CHERI" class="mention hashtag" rel="nofollow noopener" target="_blank">#CHERI</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/HardwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#HardwareSecurity</a> <a href="https://infosec.exchange/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#MemorySafety</a> <a href="https://infosec.exchange/tags/SecurityByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityByDesign</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a>

xoron :verified:Are Web Components & Cybersecurity A Better Combo?I'm not trying to dunk on popular <a href="https://infosec.exchange/tags/UI" class="mention hashtag" rel="nofollow noopener" target="_blank">#UI</a> <a href="https://infosec.exchange/tags/frameworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#frameworks</a> – I'm sure they're totally fine for <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> stuff, probably get loads of reviews and <a href="https://infosec.exchange/tags/audits" class="mention hashtag" rel="nofollow noopener" target="_blank">#audits</a>.But from my angle: Web Components are *native* to the <a href="https://infosec.exchange/tags/browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#browser</a>. Doesn't that just inherently reduce the risk of **<a href="https://infosec.exchange/tags/SupplyChainAttacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainAttacks</a>** (you know, like a rogue `npm install` on a bad network) for your <a href="https://infosec.exchange/tags/AppSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSecurity</a>?Or am I overthinking it, and the <a href="https://infosec.exchange/tags/framework" class="mention hashtag" rel="nofollow noopener" target="_blank">#framework</a> choice is less important than the <a href="https://infosec.exchange/tags/browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#browser</a>, <a href="https://infosec.exchange/tags/OS" class="mention hashtag" rel="nofollow noopener" target="_blank">#OS</a>, or <a href="https://infosec.exchange/tags/device" class="mention hashtag" rel="nofollow noopener" target="_blank">#device</a> running it? What are your thoughts, <a href="https://infosec.exchange/tags/DevCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevCommunity</a>?---Quick context: I've got a <a href="https://infosec.exchange/tags/ReactJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ReactJS</a> <a href="https://infosec.exchange/tags/messagingApp" class="mention hashtag" rel="nofollow noopener" target="_blank">#messagingApp</a> (repo here: <a href="https://github.com/positive-intentions/chat" rel="nofollow noopener" translate="no" target="_blank">https://github.com/positive-intentions/chat</a>) and a separate <a href="https://infosec.exchange/tags/UIFramework" class="mention hashtag" rel="nofollow noopener" target="_blank">#UIFramework</a> (repo here: <a href="https://github.com/positive-intentions/dim" rel="nofollow noopener" translate="no" target="_blank">https://github.com/positive-intentions/dim</a>) built with <a href="https://infosec.exchange/tags/Lit" class="mention hashtag" rel="nofollow noopener" target="_blank">#Lit</a> (which uses Web Components). I'm genuinely wondering if there's a compelling <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> reason to refactor the chat app to use my <a href="https://infosec.exchange/tags/WebComponent" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebComponent</a> UI framework. Might be a whole new level of <a href="https://infosec.exchange/tags/SecurityByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityByDesign</a> for <a href="https://infosec.exchange/tags/FrontEndDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#FrontEndDev</a>.FYI, same question's on Reddit here: <a href="https://www.reddit.com/r/ExperiencedDevs/comments/1lmk1rg/are_web_components_better_for_cybersecurity/" rel="nofollow noopener" translate="no" target="_blank">https://www.reddit.com/r/ExperiencedDevs/comments/1lmk1rg/are_web_components_better_for_cybersecurity/</a>, got some good <a href="https://infosec.exchange/tags/insights" class="mention hashtag" rel="nofollow noopener" target="_blank">#insights</a>, but want to make sure nothing's getting overlooked! Let's discuss <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/WebDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebDev</a> <a href="https://infosec.exchange/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a> <a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://infosec.exchange/tags/TechQuestion" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechQuestion</a>.

Jan de Muijnck-Hughes*Last Call* I have a <a href="https://discuss.systems/tags/PhD" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhD</a> position for UK students, available with myself and <a href="https://types.pl/@bentnib" class="u-url mention" rel="nofollow noopener" target="_blank">@bentnib</a> This project will be looking at developing new methods for asserting the resilience of existing communicating systems by developing new static analysis methods derived from advanced programming language research.*Hard Deadline*: Wednesday 16th April 2025You will belong to <a href="https://mastodon.acm.org/@StrathCyber" class="u-url mention" rel="nofollow noopener" target="_blank">@StrathCyber</a> and <a href="https://mastodon.acm.org/@mspstrath" class="u-url mention" rel="nofollow noopener" target="_blank">@mspstrath</a>, as well as gaining access to <a href="https://mastodon.scot/@spli" class="u-url mention" rel="nofollow noopener" target="_blank">@spli</a> <a href="https://www.strath.ac.uk/studywithus/postgraduateresearchphdopportunities/science/computerinformationsciences/towardstype-drivenassuranceofcommunicatingsystems/" rel="nofollow noopener" translate="no" target="_blank">https://www.strath.ac.uk/studywithus/postgraduateresearchphdopportunities/science/computerinformationsciences/towardstype-drivenassuranceofcommunicatingsystems/</a>(Ignore the deadline on the advert)Please spread the words. <a href="https://discuss.systems/tags/dependentTypes" class="mention hashtag" rel="nofollow noopener" target="_blank">#dependentTypes</a> <a href="https://discuss.systems/tags/formalMethods" class="mention hashtag" rel="nofollow noopener" target="_blank">#formalMethods</a> <a href="https://discuss.systems/tags/idris" class="mention hashtag" rel="nofollow noopener" target="_blank">#idris</a> <a href="https://discuss.systems/tags/programmingLanguageTheory" class="mention hashtag" rel="nofollow noopener" target="_blank">#programmingLanguageTheory</a> <a href="https://discuss.systems/tags/typeTheory" class="mention hashtag" rel="nofollow noopener" target="_blank">#typeTheory</a> <a href="https://discuss.systems/tags/idris2" class="mention hashtag" rel="nofollow noopener" target="_blank">#idris2</a> <a href="https://discuss.systems/tags/computerSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#computerSecurity</a> <a href="https://discuss.systems/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://discuss.systems/tags/securityByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#securityByDesign</a> <a href="https://discuss.systems/tags/secureByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#secureByDesign</a>

Paul RosenzweigAnother good @lawfare entry in the <a href="https://thecooltable.wtf/tags/SecuritybyDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecuritybyDesign</a> series: <a href="https://www.lawfaremedia.org/article/privacy-by-design--lessons-for--security-by-design" rel="nofollow noopener" translate="no" target="_blank">https://www.lawfaremedia.org/article/privacy-by-design--lessons-for--security-by-design</a>

Patrick Breyer🇬🇧 <a href="https://digitalcourage.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> attack: Unknown persons attempted to install a global, highly dangerous backdoor in IT systems.Beware: The 🇪🇺 Commission is planning "legal" backdoors for devices & apps! PR-speak: <a href="https://digitalcourage.social/tags/AccessByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#AccessByDesign</a> / <a href="https://digitalcourage.social/tags/SecurityByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityByDesign</a> <a href="https://home-affairs.ec.europa.eu/document/download/17739cd7-098e-4df3-8f41-37be73560086_en?filename=HLG-WG1-background-document-05122023_en.pdf" rel="nofollow noopener" translate="no" target="_blank">https://home-affairs.ec.europa.eu/document/download/17739cd7-098e-4df3-8f41-37be73560086_en?filename=HLG-WG1-background-document-05122023_en.pdf</a> @GreensEFA More: <a href="https://digitalcourage.social/tags/EUGoingDark" class="mention hashtag" rel="nofollow noopener" target="_blank">#EUGoingDark</a>

Luddite under protest<a href="https://woof.tech/@Frisk" class="u-url mention" rel="nofollow noopener" target="_blank">@Frisk</a> I would rather to see a bounty to get <a href="https://mastodon.matrix.org/@matrix" class="u-url mention" rel="nofollow noopener" target="_blank">@matrix</a> to stop using <a href="https://eattherich.club/tags/CaaC" class="mention hashtag" rel="nofollow noopener" target="_blank">#CaaC</a> (Cloudflare as a Crutch) and switch to <a href="https://eattherich.club/tags/securityByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#securityByDesign</a>. I can’t be motivated to donate to <a href="https://eattherich.club/tags/Matrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#Matrix</a> project until it shakes free from its tech giant dependency.<a href="https://sopuli.xyz/post/8923970" rel="nofollow noopener" translate="no" target="_blank">https://sopuli.xyz/post/8923970</a>

Recent searches

Search options

Administered by:

Server stats:

#securitybydesign