Jonatan Männchen
Member @ErlEF security WG
Jonatan Männchen boosted:
Erlang Ecosystem Foundation TheErlef@genserver.social
2025-11-20
The Erlang Ecosystem Foundation CNA now publishes vulnerability data directly to OSV.dev. No more relying solely on CVE→OSV conversion.

This update means faster, cleaner, and higher-quality security data for the BEAM ecosystem — including Erlang, Elixir, Gleam, and Hex.pm.

We’ve also expanded our scope to include:
@nervesproject
OpenRiak

The EEF CNA (http://cna.erlef.org/) will handle vulnerability disclosures for these projects going forward, strengthening coordinated security across the BEAM ecosystem.

All part of our ongoing ÆGIS Initiative: https://security.erlef.org/aegis
Jonatan Männchen boosted:
Erlang Ecosystem Foundation TheErlef@genserver.social
2025-09-25
What if the BEAM got hit by a worm? 🪱

We’ve been lucky so far — but luck runs out.
The Ægis Initiative is how we defend our ecosystem.

👉 Read more & support: https://erlef.org/blog/eef/beam-worm

#Erlang #Elixirlang #Gleam
Jonatan Männchen boosted:
Erlang Ecosystem Foundation TheErlef@genserver.social
2025-07-29
🎙️ @maennchen joins the latest @openssf podcast!

In this SOSS episode, he shares how the Erlang community is proactively addressing security concerns, why manufacturers are investing in upstream projects — and what other ecosystems can learn from their approach.

Listen now: https://shorturl.at/iKdG7
Jonatan Männchen boosted:
Erlang Ecosystem Foundation TheErlef@genserver.social
2025-06-25
🙌 Welcome to another #GettingToKnowUs edition!

This time we got to meet @maennchen, a seasoned developer and lead engineer, with contributions to major projects like the certified #OpenID Connect client for the #BEAM. He is currently the CISO of our Foundation and an active member of the #Security WG.

👉 Read the interview: https://erlef.org/blog/marketing/getting-to-know-jonatan-mannchen

🎥 Watch the full video: https://www.youtube.com/watch?v=KDpf7REb_3A
Jonatan Männchen boosted:
Erlang Ecosystem Foundation TheErlef@genserver.social
2025-06-10
🔐 Security and the BEAM Ecosystem

In this insightful session organized by @erlangsolutions, @maennchen — CISO at our Foundation — shares how the BEAM community is stepping up its open source security efforts, including becoming an official CVE Numbering Authority (CNA).

What you’ll learn:
✔️ Why the EEF became a CNA and how it helps the BEAM community
✔️ Common security risks developers overlook and how to avoid them
✔️ How better vulnerability tracking and tooling can reduce future problems
✔️ Why early, simple steps toward security save time and effort later

Learn more: https://www.erlang-solutions.com/webinars/security-and-the-beam-ecosystem/
Jonatan Männchen boosted:
Erlang Ecosystem Foundation TheErlef@genserver.social
2025-05-29
🎥 What’s new at the EEF?

Alistair Woodman, @maennchen & Dan Janowski share big updates:

🔐 We’ve joined the CVE® Program as an official CNA
🛡️ Launched the Ægis Initiative to boost security

Must-watch for the BEAM community!
https://youtu.be/5WqMpSt_rRE
Jonatan Männchen boosted:
2025-05-26

Serious Monday for a serious topic.

Navigating security problems doesn't have to be all dread and cold sweat. Jonatan Männchen is the CISO of the Erlang Ecosystem Foundation and the person that helps us all navigate the proceedings. He will take you on this journey in his talk to get you ready for the real thing.
goatmire.com/speaker/jonatan-m
#elixir

Jonatan Männchen boosted:
Erlang Ecosystem Foundation TheErlef@genserver.social
2025-04-23
🔐 Big news from the #Gleam community!

The EEF Security Working Group helped @gleamlang include Build SBoMs and SLSA build provenance for all release artifacts and Docker images.

This means greater visibility into dependencies and stronger software supply chain security. 💪

Starting with version v1.10.0, every Gleam release will feature these important security details.

👉 Check it out: https://github.com/gleam-lang/gleam/releases/tag/v1.10.0
Jonatan Männchen boosted:
Erlang Ecosystem Foundation TheErlef@genserver.social
2025-04-23
📢 Why did we launch the Supply Chain Security & Compliance Initiative (ÆGIS)?

Because we believe a safer BEAM ecosystem benefits us all.
Here’s what we’re aiming for:

🔒 Elevate ecosystem-wide security
✅ Streamline compliance readiness
🤝 Foster trust and transparency
🌍 Democratize access to advanced security
🚀 Enable secure publishing workflows

Learn more 👉 https://security.erlef.org/aegis/

#Erlang #Elixirlang #Gleam
Jonatan Männchen boosted:
Erlang Ecosystem Foundation TheErlef@genserver.social
2025-04-23
💫 Just released: a GitHub Action to submit Elixir/Mix dependencies via GitHub's Dependency Submission API.

✅ Perfect for unlocking security alerts, dependency graphs, and Dependabot Security updates!

Check it out: https://github.com/erlef/mix-dependency-submission

#Elixirlang
Jonatan Männchen boosted:
Erlang Ecosystem Foundation TheErlef@genserver.social
2025-03-27
🔒 Big news! The EEF Security WG has launched the Supply Chain Security & Compliance Initiative!

📢 This initiative is focused on enhancing security and compliance across the BEAM ecosystem. All work is guided and reviewed by the WG and the EEF CISO.

👉 https://security.erlef.org/aegis/

#Erlang #Elixirlang #Gleam
Jonatan Männchen boosted:
2025-01-02
The #38c3 teardown is progressing
View across Hall H
Jonatan Männchen boosted:
Erlang Ecosystem Foundation TheErlef@genserver.social
2023-11-16
🎙 New episode of BeamRadio!

Join @maennchen, a member of the EEF Security Working Group, as he dives into the fascinating world of OpenID.

https://www.beamrad.io/63

#oidcc #Erlang #MyElixirStatus
2023-11-03
My talk about OpenID on the BEAM for @codesync America has just been approved 🎉

https://sessionize.com/s/maennchen/unlock-the-power-of-openid-connect-on-the-beam/77511
2022-12-22
@seldaek Thanks 😊 I know about the possibility of restricting to 64bit. I was just interested in how many users of my library would be excluded by adding it. Sadly I can’t find any statistics about it anywhere.
2022-12-19
@seldaek If I remember correctly, you published yearly PHP version statistics of composer users. Do you know the share of 32-bit vs 64-bit users as well?

I'm trying to decide for a package that needs 64-bit integers and uses a Polyfill for it if we can retire 32-bit support.
2022-11-30

#introduction

main([]) ->
  broadcast_hello(registered()). 

broadcast_hello([]) -> ok;
broadcast_hello([H|T]) ->
  H ! hello_everyone,
  broadcast_hello(T).
