/Security

How Engineers Can Tackle Data Privacy And Security

tl;dr: What can engineers do to stay on top of privacy? Most startups are not going to have a dedicated in-house privacy expert at their disposal. Learn how engineers can stay secure while growing a team and a product in Vanta’s recent blog.

featured in #342


How To Access Infrastructure Without Usernames And Passwords

- Ev Kontsevoy tl;dr: Teleport 10 introduces Passwordless Access. Eliminate passwords and other static credentials like SSH keys from your infrastructure, making it more secure, scalable, and easier to use. Stolen credentials are the #1 cause of data breaches — Teleport 10 makes it easy to ditch the secrets and embrace identity. Learn more.

featured in #338


How To Prevent Secrets From Ending Up On Developer's Machines

- Ryan Blunden tl;dr: Even with environment variable storage offered by modern hosting platforms and secrets managers provided by every cloud, developers' machines are still littered with secrets in unencrypted text files because local development was left out of the picture. Learn how to prevent secrets from ending up on developers' machines.

featured in #336


I've Locked Myself Out Of My Digital Life

- Terence Eden tl;dr: "Imagine… last night, lightning struck our house and burned it down. I escaped wearing only my nightclothes. In an instant, everything was vaporised. Laptop? Cinders. Phone? Ashes. Home server? A smouldering wreck. Yubikey? A charred chunk of gristle. This presents something of a problem." Terence discusses the issues with 2FA, especially "when things are secured by an unassailable algorithm" instead of a human.

featured in #330


Cloudflare Mitigates 26 million Request Per Second DDoS Attack

- Omer Yoachimik tl;dr: "The 26M rps DDoS attack originated from a small but powerful botnet of 5,067 devices. On average, each node generated approximately 5,200 rps at peak. To contrast the size of this botnet, we’ve been tracking another much larger but less powerful botnet of over 730,000 devices."

featured in #326


The State of Startup Security Report 2022

tl;dr: Vanta asked startups to honestly and anonymously answer questions about their security posture, their security roadmap, and how satisfied they are with their security in general. Over 500 people took part in our survey and we break down the results in our first annual State of Startup Security Report. Want to learn more? See the data for yourself in the State of Startup Security Report 2022.

featured in #325


Proving Security Just Got Easier With The Vanta Trust Report

tl;dr: Proactively demonstrate your commitment to security, externally and in real time, with the Vanta Trust Report. Vanta Trust Reports showcase first-party data in an easy-to-understand dashboard, alongside commonly requested security documents, certifications, reports, and more, to create a single source of truth for your security and compliance.

featured in #323


DevSecOps Maturity Model White Paper

tl;dr: Learn about the best practices for assessing and advancing your organization’s DevSecOps maturity. Detect vulnerabilities and deliver digital services with more confidence.

featured in #319


Schneier On Security For Tomorrow’s Software

- Bruce Schneier tl;dr: Podcast episode where Bruce discusses the state of cyber-security, security and privacy best practices, his thoughts on Bitcoin and other cryptos, Tim Berners-Lee’s Solid project, and his advice for today’s developers building the software systems of tomorrow.

featured in #319


Startup Getting Started? Think Pragmatic Security

tl;dr: There is an assumption that security should be a founder’s main priority when getting a startup going. Think again. Security is a tool to protect your customers and your business, and a founder’s main concern is growing that business. That’s a good thing, and here's how.

featured in #318