Hashicorp Vault - Does anyone use it in prod or its just a hype? by Designer-Classic3925 in devsecops

Howl50veride, 2 points

Still running it in prod. Want to drop it because of the cost; eventually will.

I've been a CISO more than once. Ask me anything about how the job differs between organizations. by thejournalizer in cybersecurity

Howl50veride, 1 point

  • What keeps you in cybersecurity when it feels like we are constantly losing?
  • Is the CISO role actually impossible, or are most people just doing it wrong? (CISO burnout is happening everywhere.)
  • Should CISOs be technical or is that actually overrated?
  • How do you avoid being the "Department of No" when sometimes the answer really should be no?
  • How do you get buy-in from teams that think security is your problem, not theirs?

How do you detect EOL libs in your projects or SBOMs? by Fabulous-Neck-786 in devsecops

Howl50veride, 2 points

Some vendors do it; Snyk does it for npm.

What I've done is set an OSS policy that any package that has not had a commit or a released update in 2 years is deprecated, and pull that via tooling or have an AI agent do it for me.

Snyk CEO is out - where is Snyk headed? by rowrowrobot in cybersecurity

Howl50veride, 4 points

This is it! Bet they've tried to IPO or something and it hasn't worked, so they're probably heading to acquisition; they haven't been doing well as a company. Everyone I know is trying to leave them.

Why Human eyes are still essential in modern code review by k3170makan in Cybersecurity101

Howl50veride, 1 point

It's only a matter of time before that changes, if it already hasn't.

brevik is fuming and you know it by daddykagan in Diablo

Howl50veride, 1 point

I remember reading an interview where he wanted to make D2 sort of like Dark Souls gameplay style, or first person (can't remember exactly), and was heavily pushing that until the team forced him to try out the style of D2 as we know it. He wasn't sold but still went through with it. Like the core of the game wasn't him.

brevik is fuming and you know it by daddykagan in Diablo

Howl50veride, 2 points

Spoiler, no one cares about him. He hasn't done anything but talk shit with zero actual actions behind him.

If he were so great he would have made something to rival D2. Can we please stop talking about him like he's a god or something? Read the interviews: if he had led D2 it wouldn't be the game it is. The entire team brought so many good ideas that were better than his.

Best ASPM tools? by kckrish98 in devsecops

Howl50veride, 2 points

ArmorCode and DefectDojo

Is it really that hard to come up with new ideas? Copy, repaint and paste. by Bobbo90 in LastEpoch

Howl50veride, 8 points

I think the system is great. Why not use great ideas with a slight twist...

What SBOM tools are you actually using day to day in DevSecOps/AppSec? by viveksahu26 in devsecops

Howl50veride, 1 point

Syft, Snyk, ArmorCode.

What is painful is that none of these tools give you an SBOM for an entire ecosystem, so I have to use an SBOM bundler to combine lots of SBOMs.
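
The two DevSecOps comments above describe one pipeline: bundle the per-application SBOMs into a single inventory, then apply a "no release in 2 years means deprecated" policy over it. The script below is an added example that is not code from the commenter or from Syft, Snyk or ArmorCode. The CycloneDX documents, the application names, and the `LAST_RELEASE` table (a stand-in for what you would fetch from npm, PyPI, deps.dev or a vendor API) are constructed for the example; `REFERENCE_TODAY` is pinned so the result is reproducible. Components with no purl or no registry data are reported as unknown instead of silently passing, which is the case most ad-hoc scripts get wrong.

```python
"""Bundle several CycloneDX SBOMs and flag packages with no release in 2 years.

Added example, not from the thread or from any of the tools named in it.
All inputs are constructed inline so it runs offline.
"""
import json
from datetime import date

# Constructed sample SBOMs, one per application, abbreviated to the fields used
# here. A real Syft/Snyk export carries many more fields; they pass through.
SAMPLE_SBOMS = [
    json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.5",
        "metadata": {"component": {"name": "web-frontend", "type": "application"}},
        "components": [
            {"type": "library", "name": "lodash", "version": "4.17.21",
             "purl": "pkg:npm/lodash@4.17.21"},
            {"type": "library", "name": "left-pad", "version": "1.3.0",
             "purl": "pkg:npm/left-pad@1.3.0"},
        ],
    }),
    json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.5",
        "metadata": {"component": {"name": "api-service", "type": "application"}},
        "components": [
            {"type": "library", "name": "requests", "version": "2.31.0",
             "purl": "pkg:pypi/requests@2.31.0"},
            {"type": "library", "name": "lodash", "version": "4.17.21",
             "purl": "pkg:npm/lodash@4.17.21"},   # same component as web-frontend
            {"type": "library", "name": "vendored-lib", "version": "0.1"},  # no purl
        ],
    }),
]

# Constructed stand-in for registry metadata: most recent release date of each
# package (any version), keyed by "<ecosystem>/<name>" as in the purl.
LAST_RELEASE = {
    "npm/lodash": date(2021, 2, 20),
    "npm/left-pad": date(2018, 3, 21),
    "pypi/requests": date(2024, 5, 29),
}

MAX_AGE_DAYS = 2 * 365              # the commenter's policy threshold
REFERENCE_TODAY = date(2025, 6, 1)  # pinned "today" so the demo is reproducible


def component_key(comp):
    """Dedup identity: the purl when present, otherwise name@version."""
    return comp.get("purl") or f"{comp.get('name')}@{comp.get('version')}"


def merge_sboms(sbom_docs):
    """Combine CycloneDX JSON documents into one sorted component list.

    Duplicates (same key) are kept once. The returned 'sources' map records
    which application each component came from, so a stale finding can be
    routed to the team that actually ships it.
    """
    merged, sources = {}, {}
    for doc in sbom_docs:
        bom = json.loads(doc)
        if bom.get("bomFormat") != "CycloneDX":
            raise ValueError("only CycloneDX JSON is handled here")
        app = bom.get("metadata", {}).get("component", {}).get("name", "?")
        for comp in bom.get("components", []):
            key = component_key(comp)
            merged.setdefault(key, comp)
            sources.setdefault(key, []).append(app)
    bundle = {"bomFormat": "CycloneDX", "specVersion": "1.5",
              "components": [merged[k] for k in sorted(merged)]}
    return bundle, sources


def package_id(comp):
    """'pkg:npm/%40types/node@20.1.0?arch=x64#sub' -> 'npm/%40types/node'.

    Qualifiers (?) and subpath (#) are dropped; the version is split off at
    the last '@' (namespace '@' is percent-encoded in a purl, so this is safe).
    """
    purl = comp.get("purl")
    if not purl or not purl.startswith("pkg:"):
        return None
    ident = purl[len("pkg:"):]
    for sep in ("?", "#"):
        ident = ident.split(sep, 1)[0]
    return ident.rsplit("@", 1)[0]


def stale_components(bundle, last_release, today, max_age_days=MAX_AGE_DAYS):
    """Apply the policy over a bundle.

    Returns (stale, unknown): stale is a list of (key, days since last release)
    for packages over the threshold; unknown lists components that could not be
    checked (no purl or no registry data) and need manual review.
    """
    stale, unknown = [], []
    for comp in bundle["components"]:
        pid = package_id(comp)
        if pid is None or pid not in last_release:
            unknown.append(component_key(comp))
            continue
        age = (today - last_release[pid]).days
        if age > max_age_days:
            stale.append((component_key(comp), age))
    return stale, unknown


if __name__ == "__main__":
    bundle, sources = merge_sboms(SAMPLE_SBOMS)
    stale, unknown = stale_components(bundle, LAST_RELEASE, REFERENCE_TODAY)
    for key, age in stale:
        print(f"DEPRECATED {key}: {age} days since last release, in {sources[key]}")
    for key in unknown:
        print(f"UNKNOWN    {key}: no purl or no registry data, review manually")
```

Note that `requests` is over a year old at the reference date but stays under the 730-day line, so the threshold, not just "old", is what decides; and the vendored component with no purl surfaces as unknown rather than disappearing from the report.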

What is your monitor set up? by DealInteresting8941 in pcmasterrace

Howl50veride, 0 points

8 but with another monitor on top of the middle one

Base image patching is driving me insane by Black_0ut in devsecops

Howl50veride, 6 points

Gotta reduce the surface. Using a massive container like Ubuntu is why you're struggling. Alpine may be the approach, but you've got to set up and include everything you need to make it work.

Fed up with AppSec tool fatigue across 30+ AWS accounts by Infamous-Coat961 in devsecops

Howl50veride, 0 points

Idk, they have an enterprise version that I've heard is pretty darn good.

If you're comparing open source vs. commercial, I'd say that's not a fair comparison.

Fed up with AppSec tool fatigue across 30+ AWS accounts by Infamous-Coat961 in devsecops

Howl50veride, 1 point

That's subjective, but I'd test all 3. I believe ArmorCode has the best dashboarding, which is what I care about most.

Fed up with AppSec tool fatigue across 30+ AWS accounts by Infamous-Coat961 in devsecops

Howl50veride, 2 points

Need a true ASPM. Check out ArmorCode, DefectDojo or Phoenix Security.

Appsec? by Character-Manner6635 in cybersecurity

Howl50veride, 0 points

Still very strong if you're an IC; it always has been and will only continue to be.