As for me, I consider CISA's work on SBOM and VEX as dead. Same for vulnrichment. *Maybe* KEV would survive. :thinkgoing:
This is pure personal speculation of course, I'm not an ex-insider like you @todb (not even familiar with the ins and outs of US gov agencies, from 🥖 here).
Spotted yet another "NIS 2 certified" title on LinkedIn. Impressive, considering NIS 2 doesn't actually have a certification.
Are training agencies just inventing fantasy diplomas so people can avoid reading the actual NIS 2 directive?
Maybe we need a "Certified NIS 2 Reader" badge, read the document once, and you're more qualified than half the certifications out there.
I'd add another requirement:
* able to import Pocket data. Pocket can export to CSV, see https://support.mozilla.org/en-US/kb/exporting-your-pocket-list
(Also: the news is spreading in mainstream media, with several lists of alternatives.)
Mozilla is shutting down its Pocket service:
https://support.mozilla.org/en-US/kb/future-of-pocket
I'm looking for an alternative, preferably open source, possibly freemium (I used to pay for Pocket). Bill of requirements:
* browser extension, Firefox / Chrome
* Android application
* eReader (Kobo) would be great, but oh well...
* I don't care about the social part ("trending articles")
Any suggestion?
If you don't know what Pocket is, let's say it resemble a multi-client distributed bookmark service, with a striped down, unobtrusive reading mode:
https://en.wikipedia.org/wiki/Pocket_(service)
#mozilla #pocket #readitlater
...but this collides with the EUVD FAQ itself, which refer to the EUVD as related to the NIS2 directive, not the CRA.
Any EU regulation scholar around here?
:thinkgoing:
@adulau
Did you know?
CIRCL's vulnerability-lookup is mentioned in the LF/OpenSSF CRA training. (screencap, top left)
https://vulnerability.circl.lu/
https://training.linuxfoundation.org/express-learning/understanding-the-eu-cyber-resilience-act-cra-lfel1001/
@adulau
#circl #vulnerability-lookup #cra
Attaxion Becomes the First EASM Platform to Integrate ENISA’s EU Vulnerability Database (EUVD) http://www.youtube.com/watch?feature=player_embedded&v=H7aPxi2YoKo https://securityledger.com/2025/05/attaxion-becomes-the-first-easm-platform-to-integrate-enisas-eu-vulnerability-database-euvd/
Minutes from the CVE Board teleconference meeting on April 30 are now available
https://cve.mitre.org/community/board/meeting_summaries/30_April_2025.pdf
#CVE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA #Infosec #Cybersecurity
@iFixit France has a reparability index, mandated by law, that shall be displayed for some categories of products (e.g. smartphones):
https://entreprendre.service-public.fr/vosdroits/F38092?lang=en
More details (in French):
https://www.ecologie.gouv.fr/politiques-publiques/indice-reparabilite
@codegouvfr @ambnum @numerique_gouv C'est beau, c'est grand, c'est noble, c'est français. 🥖
"France Becomes First Government to Endorse UN Open Source Principles, Joined by 19 Organizations"
The 8 UN #OpenSource principles:
1. Open by default
2. Contribute back
3. Secure by design
4. Foster inclusive participation and community building
5. Design for reusability
6. Provide documentation
7. RISE (recognize, incentivize, support and empower)
8. Sustain and scale
@tinker in Paris in some bus stops, some buses and some subway lines as well.
The Global CVE (GCVE) allocation system is decentralized approach to vulnerability identification and numbering. The GCVE registry is a key component.
For this reason the registry is digitally signed using an RSA public key with SHA-512.
Thanks to the GCVE Python client, updating your local copy of the registry and verifying its integrity is just one command away:
$ gcve registry --pull
Learn more: https://gcve.eu
#Vulnerability #CVD #CVE #GCVE #OpenSource #VulnerabilityLookup
A password consisting only of lowercase L's, uppercase i's, the number 1 and the | pipe..
I|l11IllIIllIlIlII|
...technically satisfies all password requirements.
@metacurity the good ol' days. It must be 10 years or so I did not answered a question (and I never asked one), but my answers still get me some karma points from time to time.
GCVE-BCP-02 - Practical Guide to Vulnerability Handling and Disclosure has been published.
This is a draft open for review.
🔗 https://gcve.eu/bcp/gcve-bcp-02/
#vulnerabilitymanagement #gcve #vulnerabilityhandling #vulnerability
Rogatons Rediffusions - 11/04/2023 - "High Tech"
Source: https://www.bouletcorp.com/rogatons/2023/04/11
Starting to see (and getting a bit excited about) some components of openwebsearch.eu, and I was wondering if the EU will finally get its own Common Crawl, like dataset (commoncrawl.org).
It seems the crawling results aren't publicly accessible yet, and there's already some discussion about GDPR implications.
At this pace, we're still far from being able to compete with US-scale open data efforts 🤦♂️
#europe #commoncrawl #openwebsearch
🔗 https://pipeline.shared-search.eu/
🔗 https://pipeline.shared-search.eu/explain/license.html
