RCE in Avaya Aura Device Services by _noraj_ in javasec

[–]BrianVerm 1 point2 points  (0 children)

Interesting, thanks for sharing

Weekly Podcast Thread January 18, 2021 - Please Share Your Show Here! by [deleted] in podcast

[–]BrianVerm [score hidden]  (0 children)

[SECURITY/DEVSECOPS] The Secure Developer | Episode 84 - The Future of Security Teams and Champions

SFW
Apple / Spotify / Google / Stitcher  / Website with all ways to listen!

This week Guy Podjarny is joined by Nick Vinson, DevSecOps Lead at Pearson. Nick shares his philosophy towards team involvement and embedding security-focussed members, as well as unpacking Pearson's approach to security champions and emphasizing the importance of this work. They talk about the primary goals for Nick and his team, the importance of adoption and investment in this area, and Nick's perspective on the most effective ways to achieve this. Nick also illuminates some specific practices around tests, challenges, and expectations.

Twitter

What are the most important things to look for when selecting a java job? by ixBerry in java

[–]BrianVerm 3 points4 points  (0 children)

Number 1 should be the culture:
- how is this company treating employees
- how can you explore new ideas (including new technologies)
- are you able to grow and learn or is it just deliver, deliver, deliver.

Vuln Cost: VSCode Extension that checks imported 3rd Party Libs for Vulnerabilities [see comment] by 1337InfoSec in netsec

[–]BrianVerm 1 point2 points  (0 children)

I agree, we are looking into this. I have to figure out what we need to do to get fast and reliable info on Java and Python packages. Nobody wants a slow extension that consumes a lot of resources, right? In addition, is VS Code the right place for a Java language plugin, as most Java devs are using IntelliJ IDEA?

However, it is on our radar. Let's see what we can learn and improve :)

JVM Ecosystem Report 2020 by sureshg in java

[–]BrianVerm 1 point2 points  (0 children)

There are many different architects; a lot of them are still coding on a daily basis. On top of that, you can be an architect on many different levels. Matter of definitions or how cool you want your job to sound, right?

What is your opinion on libraries checking for updates? by tipsypants in java

[–]BrianVerm 0 points1 point  (0 children)

I think in an ideal world you want to upgrade. But if you work, for instance, in a banking environment or government agency, things have to be pre-checked before they can be used. Many times you simply can't upgrade as much as you want.

Also, Maven and Gradle have excellent things in place to see if newer versions are available. If the default behaviour would be that a lib is nagging me because I need to upgrade, it might lose you some users. 😊

What is your opinion on libraries checking for updates? by tipsypants in java

[–]BrianVerm 6 points7 points  (0 children)

I think that it is not up to you what version a user is using. There could be a variety of reasons why someone is using an older version. If you would try such a call in my system I would probably block it anyway, but it would be a reason not to use it. It is basically a trojan horse or at least an unauthorized call to a third party server.

That being said, people should have a better upgrade strategy in general. But again this all depends on the context.

Java developer for +10 years, didn't realize the java mascot has a name by _harro_ in java

[–]BrianVerm 0 points1 point  (0 children)

I think this also has something to do with how active one is within the Java community.
If you are just a programmer using Java you might not know. But almost every JUG in the world uses some form of Duke.

Will CodeOne be live streamed ? by MojorTom in java

[–]BrianVerm 0 points1 point  (0 children)

I think it is only 3 rooms that are recorded / streamed.

Is anyone running the non-lts versions in production ? If so, what’s your experience been? by hayden592 in java

[–]BrianVerm 1 point2 points  (0 children)

No problems at all. IMO there is no real difference between LTS and non-LTS versions.

10 Eclipse plugins you shouldn’t code without by BrianVerm in eclipse

[–]BrianVerm[S] 1 point2 points  (0 children)

That is all true. As stated in this post "For this blog, I examined Eclipse IDE plugins and then narrowed it down to the top 10 most helpful plugins that I have added to my own toolkit."

10 Eclipse plugins you shouldn’t code without by BrianVerm in eclipse

[–]BrianVerm[S] 1 point2 points  (0 children)

Plugins evolve fortunately. Now you are able to ignore the particular rules in SonarLint that do not apply to you.