The culture of tech transfer holding back their technologies in the hopes of profitable licensing deals rather than releasing through their OSPOs is holding back most federal and university research from reaching those who would capitalize on it. #OSPOsForGood
In the void of cyberspace there exist entities of corruption who thrive in the darkness. These digital demons lust after vulnerabilities, feeding on weaknesses, exploiting them and reveling in the chaos they create.
Against these forces stands the #OpenVEX Document, a digital library of defense. More than a catalog of observations; it encapsulates the dance between software creation and its reported vulnerabilities. The Document serves as a register, capturing the cycles of invention and identification, providing a rich foundation for those who stand against the darkness.
The #OpenVEX Statement is the voice of the Document, a chronicle of the ongoing saga between the Product and its lurking Vulnerability. It narrates the intricate interplay between creation and exploitation in the software supply chain.
The Product, born of human invention, is a testament to what can be achieved when creativity meets code. Yet, it is not invincible. Each Product bears its Vulnerability, a constant reminder of the imperfections that exist even in the most meticulously crafted creation. Each report is a call to arms for the Product to evolve, to grow, to become more than what it was.
The VEX Status shines a light on the Product and its Vulnerability. It reflects the known state of the Vulnerability on the Product. Like a compass in this digital journey, the Status offers the investigator a clue amidst the ever-changing landscapes of the virtual world.
Finally, the #VEX Justification brings order to the chaos. It is the voice of reason in a world of uncertainty, its insights illuminating the path forward for the Product, helping digital detectives navigate the treacherous terrain of its vulnerabilities.
The defenders odyssey is clarified by the insights of its Status and the wisdom of its Justification. Guided by the Document and assisted by its Statements, the #SBOM undertakes the daunting mission of shielding organizations from future corruption its dependencies.
As the annals of VEX evolve towards unforeseen next versions, one truth stands: the cyclic dance of vulnerability and rectification will endure. For as long as code persists, Vulnerability will follow, and as long as Vulnerability is a reality, the war between order and chaos continues.
The story will go on with #SSVC...
https://t.co/YTOn1OrTc3
@peterdcrees@IanYates82@SwiftOnSecurity@IRJakkob On the flip side, it makes writing crazy little REPLs and debuggers trivial and I once used this quirk to make a batch only RPC protocol back in the 90's to run the SQL Server test build framework, so it's an overpowered but sometimes useful quirk.
@peterdcrees@IanYates82@SwiftOnSecurity@IRJakkob I once wrote a batch file that appended to itself as it ran, writing it's own code as it went along, then happily executing it. A beautiful monstrosity that goes against all my ethics ๐คฃ
@terrajobst I released Microsoft PCAnal in the 90's. A good 8.3 compliant name shorting of the Microsoft PC Analyzer. Needless to say, we got escalated to the naming stuff team pretty fast and needed to rebrand in a quick follow up release ๐
@np_acl_tear@_msw_ Vetting a component technically is completely irrelevant to the license of that component. I haven't seen a difference in integrability and quality between good, well supported commercial software and good, well supported OSS. But they both need engineering and maintenance.
@Aspie96@_msw_ There also an effect that by pointing it out unduly it has the effect of edifying the opposite claim, which is equally false: that proprietary components have a security advantage. I generally raise this point by attacking both premises together.
@theckman@grafana I hear you. Internal Amazon metrics systems from 12 years ago even would be a godsend in this environment I'm currently trying to deal with. I miss my dashboards.
I like big blimps and I cannot lie
You other brothers can't deny
When a blimp flies in
With an itty bitty case
Under a round thing in your face
You get sprung
Wanna pull up tough
Cuz you notice that blimp was stuffed
I like big blimps and I cannot lie
You other brothers can't deny
When a blimp flies in
With an itty bitty case
Under a round thing in your face
You get sprung
Wanna pull up tough
Cuz you notice that blimp was stuffed
The worlds largest aircraft prototype is called the Air Lander 10. The helium pumped hybrid aircraft consists of an airplane, airship and helicopter built all in one.
@shad0wbits I worked on something like this. One device out there is an entire mobile reactor control room simulator. There are all sorts of scenarios played out in nuclear reactor operations and they train pretty hard. It's a small community, but an interesting one.
Hmmm. I just had a bizarre experience, involving a global news organisation and a trillion dollar corporation. (I got caught in the middle, so... owch.)
Itโs not the sort of experience the people involved usually talk about in publicโฆ so I think Iโll talk about it in public.
๐งต