My little corner of the internet

In this world of AI, no-one can miss the discussions about “vibe coding”. What that means is a the use of AI to write code to develop a product quickly, and the author doesn’t even need to know how to write code. This opens up so many possibilities, as long as the code has a high quality. I won’t dig deeply into the quality of the code produced by AI today, but for now I wouldn’t trust code written by AI to be run in production without rigorous code review and testing. However, if we assume that AI in the future would be of a quality high enough to be run, what would the impact be on Developers? I would argue that this is not a new problem, but a new version of an old problem. ...

As a penetration tester, you will inevitably find yourself involved in scoping engagements, navigating the challenges of aligning a client’s needs with their expectations. “Penetration testing” is a term that almost everyone believes they understand, yet it often carries vastly different interpretations. This ambiguity makes it more of an umbrella term, offering little insight into how the test will actually be executed or what it will cover. In this post, I’ll share my perspective on one approach to differentiating how penetration tests can be executed, helping both testers and clients clarify their expectations. ...

Lately, I’ve been thinking about the complexity of securing the software supply chain. If there’s one lesson we’ve learned from incidents like the SolarWinds and Kaseya attacks, it’s that our supply chains are increasingly becoming the weakest link in our cybersecurity defenses. What makes it even more challenging is the regulatory landscape—particularly within the European Union (EU)—which is evolving to place more responsibility on organizations to secure their supply chains. ...

While looking into IT Service Change Management, and primarily in accordance with ITIL, there was one thing that stood out. There seems to be a disconnect between the the development point of view and how change management is implemented by operations. With that I mean that the implementations I have seems to be more applicable for finished product than with software developed in house. The change management processes works when a change is either adding a new product or installing a new version. When it comes to full software development, the change management process gets fuzzy and drawn out. This gets even more distinct when looking at the more agile or DevOps ways of working of development. ...

In the world of cybersecurity there is a lot of specific definitions, a type of insider lingo that we assume that everyone agrees on the definition of. However, herein lies the problem. We assume, without discussing. I have ended up in multiple discussions that occurs due to different interpretations of a definition. In this post I’ll give my view of one of the biggest differences of definition that I have seen, namely what we include in the term cybersecurity. ...