This quick summary brought to you by tl;dr sec, a weekly newsletter of the latest and greatest security tools, talks, and resources.
Subscribe for free at https://t.co/dETCZSssDj...
Security will still be involved with sensitive things like authn/authz, externally facing services, dealing with PII, etc.
Don't blame devs if they miss something.
Instead, improve the training so that they get better at discovering risks over time.
Phases of the program:
1. Training phase - teach the threat modeling material
2. Observation phase - a dev leads the threat modeling session. Goal: they find all High & Critical risks
3. Review phase - review the threat models and provide feedback
4. Security-optional phase - security is only involved in sensitive areas
"The centralized security model is dead. We have to push all of our knowledge to engineers themselves. They need to understand security and they need to be able to handle security themselves." -@askjeevansingh
Rob Estreitinho (Salmon Labs) https://x.com/robistyping
Identity is one of our most fundamental human rights. Yet, in the age of surveillance, commodification and centralization, it is under threat. Edward Snowden said it best, "The one vulnerability being exploited across all systems is identity."
Divya Siddarth • An Internet for Humans: Proof-of-Personhood Explained
On identity and privacy
Derisible • Theses for 2020
Whoever is interested in embedding further backdoors has learned from the extensive public coverage of everything that went wrong. These mistakes have been pointed out, published and learned from. We have given the actors behind this backdoor free training for future attacks. It is time that distributions learn from this as well and also take train...
Dirk Mueller • What we need to take away from the XZ Backdoor
- Be an open-source, secure tech platform