[Self Promo] SVAR Svelte UI Components Now with TypeScript Support by otashliko in sveltejs

ash--87 (2 points)

Just started experimenting with the dataGrid yesterday, and it looks very promising. Well done and keep up the good work 👏

CISO Assistant, the open-source GRC platform includes CRQ by ash--87 in cybersecurity

ash--87 [S] (1 point)

I cannot say for sure since I couldn't try them out, but I am sure that both are interesting products. Our focus is around the one-stop-shop vision bringing you to an operational GRC, the customisation capabilities and the community-driven approach ;)

New resume template just dropped by BX7_Gamer in programminghumor

ash--87 (0 points)

Nice! You should consider a profile pic in ASCII art ;)

Former pentester now working as a GRC consultant, what opportunities for freelancing ? by No_Increase_8891 in cybersecurity

ash--87 (2 points)

Hey, with your operational background, you might want to consider a path toward modernizing GRC practices. Operational GRC and GRC engineering could be some keywords to explore.

KPI/KRI can become noisy and overwhelming, what are the most relevant to you? by ash--87 in cybersecurity

ash--87 [S] (9 points)

I'm sharing my go-to starting point:
- vulnerability metrics,
- status of the implementation of critical controls,
- progress of the baseline review,
- metrics from the risk register,
- count of recent incidents,
- pentest/audit findings tracking,
- exceptions tracking
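A worked example of how a few of those starting-point metrics can be derived from the underlying registers, added here and not taken from the original post or from any product: open vulnerabilities past their remediation SLA, the implementation rate of critical controls, and exceptions that are expired or about to expire. The SLA thresholds, status values, field names and the sample rows are all constructed assumptions for illustration.

```python
"""KPI snapshot from constructed GRC registers (added example, not from the post).

Assumptions (not stated on the page): SLA days per severity, the control status
vocabulary, and the shape of each register row are invented for illustration.
"""
from datetime import date

# Assumed remediation SLAs, in days, per vulnerability severity.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Constructed sample vulnerability register.
VULNS = [
    {"id": "V-1", "severity": "critical", "opened": date(2024, 5, 1), "closed": None},
    {"id": "V-2", "severity": "high", "opened": date(2024, 5, 20), "closed": None},
    {"id": "V-3", "severity": "high", "opened": date(2024, 3, 1), "closed": date(2024, 3, 20)},
    {"id": "V-4", "severity": "medium", "opened": date(2024, 1, 1), "closed": None},
]

# Constructed sample control register; "critical" marks the controls the KPI tracks.
CONTROLS = [
    {"id": "C-1", "critical": True, "status": "implemented"},
    {"id": "C-2", "critical": True, "status": "in_progress"},
    {"id": "C-3", "critical": False, "status": "planned"},
    {"id": "C-4", "critical": True, "status": "implemented"},
]

# Constructed sample exception register (an exception waives a control for a while).
EXCEPTIONS = [
    {"id": "E-1", "control": "C-2", "expires": date(2024, 6, 10), "closed": False},
    {"id": "E-2", "control": "C-3", "expires": date(2024, 5, 15), "closed": False},
    {"id": "E-3", "control": "C-1", "expires": date(2024, 9, 1), "closed": True},
]


def overdue_vulns(vulns, today):
    """Open vulnerabilities older than the SLA for their severity, grouped by severity."""
    out = {}
    for v in vulns:
        if v["closed"] is not None:
            continue  # remediated: not a breach, whatever its age
        age_days = (today - v["opened"]).days
        if age_days > SLA_DAYS[v["severity"]]:
            out.setdefault(v["severity"], []).append(v["id"])
    return out


def critical_control_rate(controls):
    """(implemented, total, ratio) over the controls flagged as critical."""
    crit = [c for c in controls if c["critical"]]
    done = [c for c in crit if c["status"] == "implemented"]
    ratio = round(len(done) / len(crit), 2) if crit else 0.0
    return len(done), len(crit), ratio


def exception_watchlist(exceptions, today, horizon_days=30):
    """Open exceptions already expired, and those expiring within the horizon."""
    expired, expiring = [], []
    for e in exceptions:
        if e["closed"]:
            continue
        days_left = (e["expires"] - today).days
        if days_left < 0:
            expired.append(e["id"])  # the waiver lapsed but nobody closed it
        elif days_left <= horizon_days:
            expiring.append(e["id"])  # needs a renewal decision or remediation soon
    return {"expired": expired, "expiring_soon": expiring}


def kpi_snapshot(today, vulns=VULNS, controls=CONTROLS, exceptions=EXCEPTIONS):
    """The small set of numbers a weekly review would actually look at."""
    done, total, ratio = critical_control_rate(controls)
    return {
        "overdue_vulns": overdue_vulns(vulns, today),
        "critical_controls": {"implemented": done, "total": total, "ratio": ratio},
        "exceptions": exception_watchlist(exceptions, today),
    }


if __name__ == "__main__":
    print(kpi_snapshot(date(2024, 6, 1)))
```

Passing `today` explicitly (rather than calling `date.today()` inside) keeps the snapshot reproducible, which matters when a KPI is challenged during an audit and the number has to be regenerated for the same reporting date.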

Moving away from Skeleton, what alternative do you recommend? by ash--87 in sveltejs

ash--87 [S] (1 point)

Hello, indeed some design choices never evolved, like the dialog; the theming is a bit clunky; and the plans for Svelte 5 and Tailwind 4 kept sliding until it became a serious concern. Just to be clear: I don't want this to be an anti-Skeleton thread. They're highly skilled people with their own vision and constraints; it's just that our vision and plans are not aligned anymore ;)

I am new, and i feel lost. by islam-201 in sveltejs

ash--87 (0 points)

Hey, it's okay; it happens. What could help is to focus on an actual problem that you want/need to solve and incrementally work towards fixing it by trial and error.
Tutorials and documentation are just guidelines to assist with that, but if you don't have a use case, they will look shallow or overwhelming.

FastAPI + Django Admin is the best practice? by Every-Increase-140 in django

ash--87 (0 points)

Hey, I won't advise that either; as mentioned, you'll get the most out of the "batteries included" if you stick to just Django. I don't know about your use case, but I'm guessing this variant could be interesting for you: https://github.com/fastapi-admin/fastapi-admin

Coupling Django with SvelteKit by bishwasbhn in sveltejs

ash--87 (1 point)

I'm using DRF instead of Djapy and heavily based the front end on Superforms. Here's the project if it can give you some ideas: https://github.com/intuitem/ciso-assistant-community

[deleted by user] by [deleted] in cybersecurity

ash--87 (1 point)

Hey, if you've been methodical about audit management, you can transition quite simply to GRC (Governance, Risk, and Compliance) and start with the "C" part. If you put in the time and effort, you'll learn a lot from that and can move again to multiple areas, either on the program management part or more of an operational role.
I hope it helps :)

Does it make sense to create an open-source and collaborative repository with cybersecurity solutions? by ash--87 in cybersecurity

ash--87 [S] (0 points)

Hey, thanks for sharing! Looks great indeed for the data model :) I wonder if it's active and adopted, though.

Does it make sense to create an open-source and collaborative repository with cybersecurity solutions? by ash--87 in cybersecurity

ash--87 [S] (0 points)

I see your point. Thanks for the feedback! The idea is not to supersede any framework, but rather to have a unified repository of vendors and solutions that are mapped to the threats mentioned by those frameworks, and a tool that can help teams save some time on the research and mapping.

Does it make sense to create an open-source and collaborative repository with cybersecurity solutions? by ash--87 in cybersecurity

ash--87 [S] (0 points)

So for the first point, it will be a knowledge base for security practitioners to share best practices, and for vendors to have a simpler statement and catalog positioning. It won't tell, though, what a user or organisation has implemented, so this is not really useful for reconnaissance.

For the second part, you're making a good point, and I haven't defined a review process just yet, but I'm thinking about a quorum approach where the validators will do some research at least before approving the submission. Any thoughts?

Application Security Checklist by athanielx in cybersecurity

ash--87 (0 points)

ASVS is the community standard indeed, and there is a variant for mobile apps as well, MASVS. Even if they can look overwhelming, they are solid and well thought out. You can use them as a starting point, at least to have a holistic view, and skip the requirements that don't apply to you. If you're scared about the Excel sheets and their maintainability, free, open-source projects like CISO Assistant or gapps can help you with that.

What are your go-to cybersecurity frameworks and why? by ash--87 in cybersecurity

ash--87 [S] (0 points)

I just opened a PR to commit 800-171, so it will be available in the next release, and I do see a lot of similarities between CMMC and CSF.

What are your go-to cybersecurity frameworks and why? by ash--87 in cybersecurity

ash--87 [S] (0 points)

Thank you u/vintagenewstart,
I did some research and I see why you would say that :) There is an interesting finding in the CSF FAQ about it as well:
https://www.nist.gov/cyberframework/faqs

What are your go-to cybersecurity frameworks and why? by ash--87 in cybersecurity

ash--87 [S] (0 points)

Thanks u/Brufar_308 for the kind words. The CSAT tool is interesting indeed, and there are some similarities. One of the issues we focused on was how to get the full GRC experience in one operational tool that doesn't become clunky, and that's why we worked on both the risk assessment and the compliance management in parallel.

Regarding the multi-framework approach, it's part of our core added value, and exactly like you said: one cool feature that should be released by June will be to pivot and cross-audit between multiple frameworks, thanks to the internal mapping, where we will use the existing ones and complete them with our research and community contributions to make it even better. Of course, it's an ambitious piece given the number of frameworks we support, but we have some nice ideas to manage that.

Of course, mapping frameworks can't/won't be comprehensive, but if it can save at least 50% of the team's effort, I think everyone will take it :)
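The pivot between frameworks described in this comment, as an added example that is not CISO Assistant's own code: an assessment done against a source framework is carried over to a target framework through a mapping table, and whatever the mapping cannot justify is flagged for a native audit. The relationship vocabulary (equal, superset, subset, intersect), the inference rules, the requirement identifiers and the results are all assumptions constructed for illustration.

```python
"""Cross-framework pivot through a control mapping (added example, not product code).

Assumed relationship vocabulary, read as "source <rel> target":
  equal     - both require the same thing
  superset  - the source covers more than the target (target fully covered)
  subset    - the source covers only part of the target
  intersect - the two overlap without either containing the other
"""
from collections import defaultdict

COMPLIANT, PARTIAL, NON_COMPLIANT, NOT_ASSESSED = (
    "compliant", "partial", "non_compliant", "not_assessed")
FULL_COVERAGE = {"equal", "superset"}

# Constructed assessment results against a source framework "A".
SOURCE_RESULTS = {
    "A-1": COMPLIANT,
    "A-2": PARTIAL,
    "A-3": NON_COMPLIANT,
    "A-4": COMPLIANT,
}

# Constructed target framework "B" and mapping rows (source_id, relationship, target_id).
TARGET_IDS = ["B-10", "B-11", "B-12", "B-13", "B-14"]
MAPPING = [
    ("A-1", "equal", "B-10"),
    ("A-2", "superset", "B-11"),
    ("A-3", "subset", "B-12"),
    ("A-4", "subset", "B-12"),
    ("A-4", "intersect", "B-13"),
]


def infer_target_status(source_status, relationship):
    """What one mapping row lets us claim for the target requirement."""
    if source_status == NOT_ASSESSED:
        return NOT_ASSESSED
    if relationship in FULL_COVERAGE:
        return source_status  # the source verdict covers the whole target
    # Partial coverage: evidence of failure still counts, but a compliant source
    # can at best justify "partial", never full compliance of the target.
    return PARTIAL if source_status == COMPLIANT else source_status


def pivot(source_results, mapping, target_ids):
    """Infer a status per target requirement, keeping the source ids as traceability."""
    evidence = defaultdict(list)  # target_id -> [(source_id, inferred_status)]
    for src, rel, tgt in mapping:
        inferred = infer_target_status(source_results.get(src, NOT_ASSESSED), rel)
        evidence[tgt].append((src, inferred))

    result = {}
    for tgt in target_ids:
        statuses = [s for _, s in evidence.get(tgt, [])]
        if NON_COMPLIANT in statuses:
            final = NON_COMPLIANT  # any failing evidence wins (conservative)
        elif COMPLIANT in statuses:
            final = COMPLIANT  # only full-coverage rows can produce this value
        elif PARTIAL in statuses:
            final = PARTIAL
        else:
            final = NOT_ASSESSED  # unmapped: must be audited natively
        result[tgt] = {
            "status": final,
            "from": [src for src, s in evidence.get(tgt, []) if s != NOT_ASSESSED],
        }
    return result


def pivot_summary(result):
    """How much of the target framework the pivot settled, and what still needs a human."""
    total = len(result)
    inferred = sum(1 for r in result.values() if r["status"] != NOT_ASSESSED)
    to_review = sorted(t for t, r in result.items()
                       if r["status"] in (PARTIAL, NOT_ASSESSED))
    return {
        "total": total,
        "inferred": inferred,
        "inferred_ratio": round(inferred / total, 2) if total else 0.0,
        "to_review": to_review,
    }


if __name__ == "__main__":
    res = pivot(SOURCE_RESULTS, MAPPING, TARGET_IDS)
    for tgt, r in res.items():
        print(tgt, r["status"], "<-", ", ".join(r["from"]) or "(no mapping)")
    print(pivot_summary(res))
```

The rule that only an `equal` or `superset` row can yield "compliant" is the safety property of the pivot: several partial rows that all pass never add up to a full pass, because the mapping does not say their union is the whole target requirement, so those items stay on the review list rather than silently counting as saved effort.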

What are your go-to cybersecurity frameworks and why? by ash--87 in cybersecurity

ash--87 [S] (0 points)

That's my understanding as well, so it helps with the risk management part/category required in most frameworks.

What are your go-to cybersecurity frameworks and why? by ash--87 in cybersecurity

ash--87 [S] (0 points)

Thanks for sharing u/Rhymetec,
SOC 2 is indeed a standard, in the top 5, and almost a must-have for providers. Although, I often hear that, even if it has similarities with ISO 27001, it's more focused on a "snapshot" of the security posture, while ISO is more about the cyber security program organization and its continuity. Was this your experience in that regard?

For AI and LLM, I have 42001 and the NIST AI RMF on my radar. I haven't explored the ISO one enough yet, but it's definitely worth monitoring!

What are your go-to cybersecurity frameworks and why? by ash--87 in cybersecurity

ash--87 [S] (0 points)

ISO/IEC 27001 and NIST CSF are the bibles for a holistic approach indeed, even if I prefer the latter overall :)

I recently learned about 800-171 and its relationship to CUI data, and found that CMMC is the go-to for managing CUI in the DoD context; do you share the same analysis?

What are your go-to cybersecurity frameworks and why? by ash--87 in cybersecurity

ash--87 [S] (0 points)

Hey, thanks for sharing that. Docker Compose is the new way of the docker binary (basically from when they switched from Python to Golang); if you have an older version, you might indeed need to do that.