
Software Supply Chain Vendor Landscape
An analysis of over 20 supply chain security vendors, from securing source code access and CI/CD pipelines to SCA, malicious dependencies, container security, SBOMs, code provenance, and more
Clint Gibler, Francis Odum

An Overview of Software Supply Chain Security
A breakdown of what constitutes the software supply chain and how to secure each stage
Clint Gibler, Francis Odum

How to securely build product features using AI APIs
A Practitioner’s Guide to Consuming AI
Rami McCarthy

AI and Machine Learning in Cybersecurity
An overview of current applications of AI/ML to cybersecurity with relevant links and a vision of where things are headed.
Clint Gibler
![[tl;dr sec] #178 - DevOps Threat Matrix, LLMs in Security, Supply Chain Security](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=800,height=421,fit=scale-down,onerror=redirect/uploads/publication/thumbnail/080a561f-2435-4477-a549-ab9f115e047c/landscape_Screenshot_2023-09-12_at_10.22.48_AM.png)
[tl;dr sec] #178 - DevOps Threat Matrix, LLMs in Security, Supply Chain Security
Microsoft techniques and attack vectors for DevOps environments, applications of LLMs in security, the deps.dev API and Golang supply chain security.
Clint Gibler
[tl;dr sec] #177 AWS KMS Threat Model, DOM Invader, Forensics in the Cloud
Threat model and attack tree for AWS Key Management Service, Gareth Heyes on how to use the DOM Invader Burp extension, doing cloud forensics when a container is compromised.
Clint Gibler
[tl;dr sec] #175 The Future of Security Engineering, Awesome Kubernetes Threat Detection, ChatGPT Plugins
The power of open source, flexible tooling, k8s detection resources, ChatGPT just got a whole lot more powerful.
Clint Gibler
[tl;dr sec] #174 - Mitigating SSRF in 2023, Isolation & Container Namespaces, Offensive AI Compilation
The challenges in mitigating SSRF and the best way to do it, how Linux namespaces provide isolation properties for containers, resources on attacking AI models / using it for offensive purposes.
Clint Gibler
[tl;dr sec] #27 - AppSec Weekly, SOC2 Starting Seven, Save Encryption
I was on Application Security Weekly #100, a no-nonsense guide to becoming SOC2 compliant, fight a bill that may kill encryption, compensation resources.
Clint Gibler
[tl;dr sec] #168 - GCP and Azure Storage Threat Models, macOS Security, Red Team Resources
Detailed threat models for Google Cloud Storage and Azure Storage, Mac malware of 2022 and emerging payload obfuscation techniques, reverse engineering Rust binaries, offensive security and RE course, and more.
Clint Gibler
[tl;dr sec] #167 - SBOM, Scaling Security Alert Management, Mitigating RBAC-Based PrivEsc in Kubernetes
Generating SBOMs and evaluating their quality, how Brex manages and automates security alerts at scale, how popular k8s platforms hardened themselves.
Clint Gibler
[tl;dr sec] #166 - 2023 Security Predictions, Vuln Hunting with App Server Logs, Enforcing Device AuthN
Predictions for offense, from security leaders, and AWS, high signal vuln finding from application runtime exceptions, how Pinterest enforces managed and compliant devices in their Okta flow.
Clint Gibler
[tl;dr sec] #165 - Hunting for Malicious Persistence in the Cloud, GitHub Action Security, Dark Sides of Machine Learning
How to detect malicious persistence in AWS, GCP, and Azure, leaking GitHub Action secrets and improving OIDC security posture, will ChatGPT degrade communication online?
Clint Gibler
[tl;dr sec] #164 - Becoming Phishless, Machine Learning, Memory Safe Languages in Android 13
How a number of companies adopted WebAuthN and/or hard keys, neat new things in ML, the impact of Rust and memory safety in general in Android 13.
Clint Gibler
[tl;dr sec] #163 - Rebuilding Detection and IR at LinkedIn, CVEs and Misaligned Incentives, 2022 in Review and 2023 Predictions
How LinkedIn scaled detection and minimized toil, why ReDoS CVEs are mostly noise, and reflecting on security in 2022 and predicting what 2023 has in store.
Clint Gibler
[tl;dr sec] #161 - ChatGPT, Scaling Vulnerability Management in Microservices, Supply Chain
Many varied examples of using ChatGPT, how Lyft precisely fixes OS and OS-package level vulnerabilities across ~1,000 services, Sigstore and dangerous subtleties in the GitHub download artifacts API.
Clint Gibler
[tl;dr sec] #162 - Meaningful Security Product Metrics, Vulnerability Inbox Zero, Joe Sullivan Trial Deep Dive
How to justify the value of your security team's investments and prioritize, how to build an Inbox Zero vulnerability management approach, Magoo's detailed blameless post-mortem of USA vs Joe Sullivan.
Clint Gibler
[tl;dr sec] #160 - Application Security Foundations, Machine Learning Uses, Blackbox Regex Fuzzing
Notes from the WeHackPurple courses, a wide variety of applications of machine learning, bypassing validations and normalizations in web apps using regex fuzzing.
Clint Gibler
[tl;dr sec] #159 - Twitter vs Mastodon, GitHub Attack Trees, ThinkstScapes
Twitter internals and Mastodon benefits/challenges, blue and red team attack trees for attacking GitHub, ThinkstScapes Quarterly covering AI/ML, clever cryptography, and software analysis at scale.
Clint Gibler
[tl;dr sec] #158 - Open Security Jobs, Career Advice, Internet Egress Filtering at Lyft
Open jobs from over 35 companies, great career advice from a variety of people, how Lyft achieved egress filtering on all services.
Clint Gibler
[tl;dr sec] #157 - Transforming Security Champions, Production-ready osquery, Compromising Self-hosted GitHub Runners
Tanya Janca on building a security champions program, highly tuned osquery detections, gaining GitHub Runner persistence and how to detect compromises.
Clint Gibler
[tl;dr sec] #156 - Hipster History of CORS, Serverless Security Event Data Pipelines, Evaluating Container Attack Detection
Dev's hilarious and useful history of the Internet and browser security, new toolkit from Brex to easily normalize and enrich security event data, additional Kubernetes attack methods and evaluating Falco.
Clint Gibler
[tl;dr sec] #155 - Understanding IAM, Autogenerate Art from Blog Post, Attacking Closed DNS Resolvers
Understanding AWS permission boundaries and IAM policy evaluation, use ML to create art for your blog post based on its text, taking over your infrastructure Kaminsky style.
Clint Gibler
[tl;dr sec] #154 - The State of AWS Security, Career Resources, Authorization
Insights from the security posture of 600+ orgs, security career pathways mindmap and security communities overview, a number of resources about authorization.
Clint Gibler
[tl;dr sec] #153 - Postgres' Insecure Defaults, SBOM, Prototype Pollution
How PostgreSQL server and client TLS defaults will make you sad, SBOM tools and reflections, walkthroughs to learn how prototype pollution works.
Clint Gibler