#SecurityByDesign

2025-12-11

🔐 Security is not a last-minute feature.

Those who implement #SecurityByDesign early avoid expensive fixes and risks like those in the Subaru case, which was caused by a web application with a weak security architecture.

In his current column «Schlicht und einfach», @madmas shows how Shift Left and #DevSecOps help anchor #Security early in the development process as a continuous responsibility:

👉 inside-it.ch/schlicht-und-einf

#CyberSecurity #SoftwareArchitecture #WeAreKarakun

2025-12-01

Computer Security Day 2025: Fraunhofer FOKUS and the @Weizenbaum_Institut emphasize digital resilience for government, business & society. Cyberattacks and regulation call for #SecurityByDesign and cooperation among all actors: ➡️ fokus.fraunhofer.de/de/newsroo

#Cybersecurity #Cybersicherheit #SecurityByDesign

iSAQB @isaqb
2025-11-20

Interview with the Curators of the New CPSA-A Module EMBEDDEDSEC! 🔐

We spoke with Felix Bräunling and Isabella Stilkerich about the new Advanced Level module for Architects. They share why embedded security matters, how safety and security intersect, and which skills architects need to design secure embedded systems.

Dive into the full interview 👉 t1p.de/k3rzl

About the New CPSA® – Advanced Level Module EMBEDDEDSEC: Embedded Security for Architects | An Interview with the Curators Felix Bräunling and Isabella Stilkerich

2025-10-27

The #Denkwerkstatt2025 is just around the corner! Join us to discuss the future of #Cybersicherheit and decide on the new workstreams. The basis: 12 idea sketches, two of which will be turned into agile projects. The range extends from #ThreatIntelligence for the public sector, through #ZeroTrust at the university, to #SecurityByDesign in #KI. Join us in Berlin on 14 and 15 November. 👉 dialog-cybersicherheit.de/denk

#DiCySi

White text on a turquoise-blue background, along with the circular logo of the Dialog für Cybersicherheit. The following text is shown:
If you have visions ... you should be there! Register now for the Denkwerkstatt "Sichere Informationsgesellschaft", 14 and 15 November, Berlin;
Discuss 12 idea sketches on topics such as:
- Security by Design in AI
- Emotion Hacking
- Zero Trust at universities
- Open source in KRITIS IT
- Cyber guidance for journalism
- Basic course in cyber first aid
You decide which of the ideas become real workstreams! Get talking with other interested people and exchange views:
-> on current topics from civil society and the BSI
-> on the results of the 24/25 workstreams "The Role of the CRA for Open Source" and "White DVS Card"
Also: plenty of time for networking! Register for Denkwerkstatt 2025 by 3 November and help shape cybersecurity in Germany! Website: https://www.dialog-cybersicherheit.de/aktuelles/

ITextreme @itextreme
2025-09-26

Cyber Resilience Act: obligation & opportunity for digital security

The new Cyber Resilience Act brings clear rules for digital products. Find out what companies are facing and how you can prepare.

👉 More at: itextreme.de/categories/softwa

Subnoto @subnoto
2025-09-05

Enterprise security doesn’t have to mean enterprise eyebleed.
Subnoto makes e-signatures effortless, secure, and fast.

2025-08-20

Tara from Sovereign Tech Agency and Hugo will be hosting the next 'Memory Safety in the EU' meeting in Amsterdam, on Tue 26 Aug (during #OSSummit).

The meeting aims to finalise a statement on the importance of memory safety for security by design. This is a joint effort by several European stakeholders to put memory safety on the agenda of both industry and policy makers.

Read more here: tweedegolf.nl/en/blog/160/upda

@tarakiyee
@sovtechfund

#memorysafety #securitybydesign

:awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉 @nemo@mas.to
2025-08-20

🔐 Connected devices and cybersecurity: Many smart home products have serious security vulnerabilities, e.g. weak passwords or unencrypted data transmission. New EU radio directives from 1 August are intended to tighten standards. Retailers & consumers are called upon! 👉 srf.ch/sendungen/kassensturz-e #Cybersicherheit #SmartHome #SecurityByDesign #IoT #newz

Niel Harper @noaharper
2025-08-12

'Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking' - Attackers can track the location of buses, access onboard cameras, initiate false emergency/accident alerts, and issue remote commands to critical systems - Yikes! bit.ly/45AwZSx

42thinking @42thinking
2025-07-29

Cloud or on-premises? Choosing IT infrastructure is about much more than just technology! What matters are processes, responsibilities & a lived security culture. Those who fail to involve people & to rely on preventive measures risk more than just financial damage.

👉 42thinking.de/2025/07/cloud-vs

2025-07-16

One of our founding directors, Mike Eftimakis, sat down with Akshaya Asokan from Information Security Media Group (ISMG) to explore how CHERI is helping tackle one of cybersecurity’s biggest challenges: memory safety.

CHERI (Capability Hardware Enhanced RISC Instructions) is a hardware-based approach to security, designed to prevent around 70% of today’s common vulnerabilities. Backed by industry leaders and the UK government, we're working to ensure global adoption across the electronics supply chain.

Watch the interview to learn more about:

💠 How CHERI addresses memory safety issues
💠 Common hardware supply chain vulnerabilities
💠 Progress on adoption by chipmakers
💠 Scalability challenges associated with CHERI

🎥 Watch the full interview: bankinfosecurity.com/uks-cheri

#CHERI #CyberSecurity #HardwareSecurity #MemorySafety #SecurityByDesign #InfoSec

2025-07-15

There's an #OpenPosition for a Secure-by-Design #Internship at #Vodafone in #Dresden. #Students can apply for this #Opening on the platform directly.

opportunities.vodafone.com/job

#SecurityByDesign #sbd

Pen Test Partners @PTP@infosec.exchange
2025-07-15

🔧 Right to repair, but not to fix security?

Framework’s philosophy empowers users to open, upgrade, and repair their devices. But with great openness comes a security catch.

On the Framework 13, pressing the chassis intrusion switch 10 times resets the BIOS, removing passwords, Secure Boot, and more.

We flagged this to Framework. Their response?
"It's a feature..."

That’s risky. This reset might help with recovery, but it also hands an attacker physical access to critical settings.

Kieran explains the issue, what this means for security, and how to protect your device.

📌Read here: pentestpartners.com/security-b

#RightToRepair #HardwareSecurity #FrameworkLaptop #BIOSReset #SecurityByDesign #CyberSecurity

xoron :verified: @xoron@infosec.exchange
2025-06-28

Are Web Components & Cybersecurity A Better Combo?

I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.

But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?

Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?

---

Quick context: I've got a #ReactJS #messagingApp (repo here: github.com/positive-intentions) and a separate #UIFramework (repo here: github.com/positive-intentions) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.

FYI, same question's on Reddit here: reddit.com/r/ExperiencedDevs/c, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.

2025-05-28

Threat modeling helps identify risks early, before they become a problem. Ask yourself during design: What can go wrong? Who might attack? This is how you get software that doesn't just work, but protects.

Based on: "Threat Modeling" by Adam Shostack.
#SecurityByDesign #ThreatModeling

Alec Muffett @alecmuffett
2025-05-05

ICYMI: “Every TWINSCAN EUV ships with ~45 million lines of code […] Bugfixes and features start out as *word documents* sent to a series of review boards…”
alecmuffett.com/article/113264

2025-05-05

ICYMI: “Every TWINSCAN EUV ships with ~45 million lines of code […] Bugfixes and features start out as *word documents* sent to a series of review boards…”

Remember, kids: all this security nightmare can be fixed through the simple act of regulators demanding that security be implemented “by design”.

Or not. Because “security by design” doesn’t mean anything.

These are the machines which fabricate all the world’s major CPUs:

https://twitter.com/lauriewired/status/1915162540868596081

#bugs #securityByDesign #softwareEngineering

Jan de Muijnck-Hughes @jfdm@discuss.systems
2025-04-09

*Last Call*

I have a #PhD position for UK students, available with myself and @bentnib

This project will be looking at developing new methods for asserting the resilience of existing communicating systems by developing new static analysis methods derived from advanced programming language research.

*Hard Deadline*: Wednesday 16th April 2025

You will belong to @StrathCyber and @mspstrath, as well as gaining access to @spli

strath.ac.uk/studywithus/postg

(Ignore the deadline on the advert)

Please spread the word.

#dependentTypes #formalMethods #idris #programmingLanguageTheory #typeTheory #idris2 #computerSecurity #cybersecurity #securityByDesign #secureByDesign

Jan de Muijnck-Hughes @jfdm@discuss.systems
2025-02-07

I have a funded #PhD position for UK students, available with myself and @bentnib

This project will be looking at developing new methods for asserting the resilience of existing communicating systems by developing new static analysis methods derived from advanced programming language research.

Deadline: Thursday 20th March 2025

You will belong to @StrathCyber and @mspstrath, as well as gaining access to @spli

For now, more details about the project are on my personal website.

tyde.systems/page/position/202

Please spread the word.

#dependentTypes #formalMethods #idris #programmingLanguageTheory #typeTheory #idris2 #computerSecurity #cybersecurity #securityByDesign #secureByDesign
