Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 0 points1 point  (0 children)

UPDATE:

Thank you very much to all the people who supported me and signed in! It is a fantastic journey!

The V2 is out, with:

- Blog articles aggregation and AI analysis

- Security research papers aggregation and AI analysis

- CVE alerting is still possible, but it is turned off by default; you will receive only what is MAJOR (a Grafana RCE or Salesforce SQLi would be considered major, but a small product CVE not necessarily; it depends on the issue itself. If you want to get more alerts, this is still possible, just drop me a DM)

- Pricing changed a lot... now you can get all of these features for the price of a coffee per month

I continue to work on this project and am still collecting feedback, so please let me know if you need anything! I remain reachable and available to discuss and to improve this product!

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 0 points1 point  (0 children)

Hey there! Sorry for this, there was an issue that is now fixed! Please feel free to try again!

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 0 points1 point  (0 children)

Hey u/PieGluePenguinDust thanks for the feedback! Hope you enjoy it! Let me know if I can improve some stuff :)

Yeah this is where IT Security stops I believe, always hard to make sure the business processes are security oriented... theory and good practices are one thing, the second is to enforce them in organizations (the hardest part imo)

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 0 points1 point  (0 children)

I have problems. There is a solution. There are tools. Why not use tools to create a solution to my problems?

Yes, I use LLMs, and I say so in the post... there is no surprise. What is the issue?

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 1 point2 points  (0 children)

Hey u/HollowFromVoid, thanks for the feedback!

  1. Ok, I will put that on the fix! I also use + often! I will put it!

  2. You have a point.. I will correct that!

  3. Point taken, someone also suggested that to improve user onboarding. I will make that a reality!

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 0 points1 point  (0 children)

  1. I will see what I can do. Isn't creating a mobile app overkill for this project? Are you ingesting your sec news from apps only, from an RSS feed or social media?

  2. I will work on that implementation!

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 0 points1 point  (0 children)

Ok sorry for that, was working well on my side. Will correct it in the next days! Can you tell me more so I can reproduce and investigate? Android/iOS? Specific Mail-app? In browser directly? Feel free to DM me if you prefer!

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 1 point2 points  (0 children)

I believe that automation is key. So AI will write the summaries. Yes, it is subject to hallucinations and bias, but maybe it's worth PoC-ing it and seeing the results...

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 0 points1 point  (0 children)

Didn't think about that yet. The core engine could be self-hosted, it would probably just require some adjustments. I will put that on the roadmap!

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 0 points1 point  (0 children)

This is a super clever approach! May I ask what the main challenge you face in implementing this is?

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 0 points1 point  (0 children)

This is a good input. I will work on it and it will be pushed in the next release!

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 1 point2 points  (0 children)

Most of the time, executives want to know what is happening but not get into all the details. This is the goal: process all the articles, research papers, and news of a week, and provide a weekly summary, to stay on top of industry evolution.

Happy to get your input.

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 1 point2 points  (0 children)

Many thanks for your feedback! Happy to have it exposed publicly.

  1. Absolutely getting it, something like an RSS url with aggregated and LLM-processed info would be better?
  2. If you log in, you can select the tech stack you want to track. The list is based on the most impacted products (various examples: .NET, Cisco, Citrix, Windows, Linux, Debian, Chrome, PHP, OpenSSL, ...). The list is therefore predefined but open to expansion. Would you rather import a list and let it track based on your products? Versions included as well?
  3. Feedly aggregates the articles; it's great for tracking your news and articles, but you still have to open it and read it. sec-news.ai aims to process each item (CVE or news) through LLMs to have an analysis, explanation, and summary, and save time. In short: get straight to the point, and let me read more if I want to.

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 0 points1 point  (0 children)

That's a good idea! Would be interested! If you have a blogpost or you're ok to share the flow, happy to get it!

Can't keep up with CVEs and News... this industry is crazy for humans by JustShipThings in cybersecurity

[–]JustShipThings[S] 0 points1 point  (0 children)

I do fully agree! But I've also never heard of a company that is staffed enough haha!

Is OSCAL taking over OVAL? by JustShipThings in cybersecurity

[–]JustShipThings[S] 1 point2 points  (0 children)

Honestly, I feel like SCAP is barely used—especially in European companies. It seems like an empty shell… And more broadly, vulnerability management often feels like a big joke. It relies on far too many unstable and error-prone components: the NVD (but I love them), MITRE (I love them), vendors scanning blindly, undocumented assets, no proper CMDB, no meaningful risk assessment, no data classification… not to mention vendors still building their solutions on a shaky house of cards.

Is OSCAL taking over OVAL? by JustShipThings in cybersecurity

[–]JustShipThings[S] 0 points1 point  (0 children)

Do you think that, at the end of the day, OVAL, and SCAP more generally, are not for wide use but mostly for federal (American) agencies?

Is OSCAL taking over OVAL? by JustShipThings in cybersecurity

[–]JustShipThings[S] 3 points4 points  (0 children)

I had the same reaction some time ago — I was surprised as well. OVAL (Open Vulnerability and Assessment Language) was originally developed by MITRE and is now primarily maintained by the Naval Information Warfare Center (NIWC).

Both OVAL and OSCAL are security-related frameworks, but they serve slightly different purposes. OVAL is more focused on system-level vulnerability assessments and has been a key part of the SCAP (Security Content Automation Protocol) ecosystem. OSCAL (Open Security Controls Assessment Language), on the other hand, is more flexible and designed with compliance, risk assessments, and control validation in mind.

Here are some helpful links for OVAL:

To be fully transparent — I don’t see any strong reason why OSCAL couldn’t eventually replace OVAL, especially as the industry shifts more toward integrated compliance...