Jean-Baptiste Maillet

Hardcore embedded C/C++ caveman.
Supply chain cybersecurity, SBOM, vulnerability management.
#embedded #linux #oss #psirt

Jean-Baptiste Maillet boosted:
CVE Program CVE_Program
2025-07-03

New “CVE Consumer Working Group” Open to the Public

A forum for end-consumers of List data, CWG will identify consumer needs, evaluate usability of CVE data, & recommend improvements to ensure CVE remains aligned with real-world use cases

cve.org/Media/News/item/news/2

Jean-Baptiste Maillet boosted:
CVE Program CVE_Program
2025-07-03

CVE Program adds Researcher Working Group (RWG) for researcher and bug bounty CVE Numbering Authorities (CNAs)
cve.org/Media/News/item/news/2

Jean-Baptiste Maillet boosted:
Anuj Ahooja quillmatiq
2025-06-27

In the last five years, we've gone from "employees will never have to go into an office" to "employees need to be in the office because creative and innovative work can only be done face-to-face between humans" to "lol we don't need humans"

Jean-Baptiste Maillet boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2025-06-26

We had the pleasure of presenting at FIRST.org 2025, showcasing the Vulnerability-Lookup and GCVE.eu initiatives.

Slides are now available.

#cybersecurity #vulnerability #cve #threatintel

@gcve @circl
@firstdotorg

🔗 vulnerability-lookup.org/2025/

Jean-Baptiste Maillet boosted:
2025-06-24

FIRST is honored to be part of the launch of the Common Good Cyber Fund, as recently announced by the Common Good Cyber secretariat!🛡️

This groundbreaking initiative will strengthen global cybersecurity by supporting nonprofits that deliver critical services protecting civil society actors at high risk and the Internet as a whole.

As incident response professionals, we know firsthand how nonprofit organizations serve as the frontline defense for Internet security, yet remain severely underfunded. This fund addresses that critical gap.

🌍 The impact: Supporting nonprofits that maintain core digital infrastructure and provide cybersecurity assistance to high-risk actors including journalists and human rights defenders.

🤝 The backing: All G7 Leaders have announced support, with UK and Canada leading joint investment.

🎯 Our commitment: FIRST believes in a strong, diverse cybersecurity ecosystem. This fund will provide the long-term support our community needs to make the Internet safe for all.

Together with the Internet Society, Global Cyber Alliance and fellow secretariat members, we're building a safer digital future for everyone.

Read more: go.first.org/yHGRp

#CyberDefense #cybersecurity #CommonGoodCyber
#infosec #security

Jean-Baptiste Maillet jbm@infosec.exchange
2025-06-24

@MalcolmNance as a leftwing Frenchman in Paris, I have to say this seems to be fake news. Source? (I could not find any)
(plus it would be really silly of Iran to block about 25% of its economy = oil trade)

Jean-Baptiste Maillet boosted:
IEEE Spectrum ieeespectrum
2025-06-23

Driving while distracted kills. A new startup is shifting from soft nudges to hard enforcement, identifying all phones in a vehicle and forcibly putting them into a safe mode. Some fleet operators report as much as a 60 percent reduction in accident rates post-installation. spectrum.ieee.org/distracted-d

Jean-Baptiste Maillet jbm@infosec.exchange
2025-06-20

Jean-Baptiste Maillet boosted:
2025-06-19

GCVE: Global CVE Allocation System

Enhancing Flexibility, Scalability, Autonomy, and Resilience in Vulnerability Identification

Slides presented at a CSIRT meeting are now online.

📄 Slides (PDF) gcve.eu/presentation/gcve-eu-p

#gcve #cve #vulnerabilitymanagement #cybersecurity

Jean-Baptiste Maillet boosted:
2025-06-19

Jean-Baptiste Maillet boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2025-06-18

Something that’s been bothering me for years in the security world: why do researchers demand bug bounties for vulnerabilities in open source projects, when the very contributors maintaining and fixing those issues get nothing, just goodwill?

It feels deeply unfair. The burden falls on unpaid maintainers, yet bounty hunters get rewarded. If you want a paid bounty, maybe help fund the people who actually fix the mess too.

#opensource #security #bugbounty

Jean-Baptiste Maillet boosted:
BeyondMachines beyondmachines1@infosec.exchange
2025-06-17

#VibeCoding your MFA

Screenshot of a MFA form: 

Account Verification

We have just sent the code 435841 to your phone
number: x0cx0x-8247
Please enter the code below to access your account:

Jean-Baptiste Maillet boosted:
-Boulet- bouletcorp2
2025-06-16

Rogatons Reruns - 02/05/2023 - "Pastille"
Source: bouletcorp.com/rogatons/2023/0

Boulet is sitting on a couch, tablet and stylus in hand.
Boulet (to himself): "Come on, to work... Hm? Uh-oh..."

At the bottom left of the screen, the "mail" icon is marked with a small badge showing "87".

Boulet, stressed and hunched over his tablet: "No no no no, don't get distracted! We said "To work". Forget the mail."

Boulet stays motionless in the same position, sweating more and more profusely, eyes wide open.

Dramatic close-up of Boulet's face, drawn realistically and lit from below.

Boulet throws himself back on the couch shouting: "RHAAA NO, IT'S NOT POSSIBLE, I CAN'T!"
And opens his mail.

Shot of Boulet's finger tapping "Mark all as read".

Off-screen text: "Zero new messages"

Boulet lets out a "Haaaaaa" of relief and starts working with a smile.

Off-screen text: "I hate those badges on icons."

Jean-Baptiste Maillet boosted:
2025-06-13

If you're already a GNA, we've created a set of logos you can use to show that you're a GCVE Numbering Authority (GNA).

🔗 gcve.eu/logo/

🔗 If you want to become a GNA gcve.eu/about/#eligibility-and

#gna #gcve #vulnerabilitymanagement #cve

GNA - GCVE.eu logo

Jean-Baptiste Maillet jbm@infosec.exchange
2025-06-13

@AkaSci as a person at high risk of a severe form of COVID, I had what I believe to be my 7th shot of vaccine 10 days ago (I lost the exact count). For free, at my local drugstore in Paris.

Jean-Baptiste Maillet jbm@infosec.exchange
2025-06-10

@adulau ha yes it's confusing: I mean recently *modified*, e.g. the vuln is not new but 6 months old or 2 years old or whatever, but there has been a new piece of information about it = the vuln itself is not recently _published_ date wise, but recently _changed_.

Jean-Baptiste Maillet jbm@infosec.exchange
2025-06-10

@adulau regarding the HTTP ReST API: supplementing the "recent" and "last" endpoints, a "recent" (as in "recently modified") point might be useful? Based on experience and familiarity with the NVD data feeds:
nvd.nist.gov/vuln/data-feeds
(Never retired since so elegantly simple.)

Jean-Baptiste Maillet jbm@infosec.exchange
2025-06-10

@adulau my floor hit the jaw.
#gorafi #theonion

Jean-Baptiste Maillet boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2025-06-10

The latest executive order from the Trump administration removed the following sentence from a previous executive order.

"e) Open source software plays a critical role in Federal information systems."

🔗 whitehouse.gov/presidential-ac

🔗 Original executive order public-inspection.federalregis

#opensource #us #cisa #cybersecurity

🤦‍♂️

Jean-Baptiste Maillet boosted:
2025-06-10

GCVE-BCP-03 - Decentralized Publication Standard has been published and is open for public review.

The next release of @vulnerability_lookup will support it.

#cve #gcve #opensource #vulnerabilitymanagement #cybersecurity

🔗 gcve.eu/bcp/gcve-bcp-03/
