Latest posts tagged with #productsecurity on Bluesky
commercetools is hiring a Principal Engineer, Product Security in Hybrid - Berlin, London, München or Valencia. Lead shift‑left security on multi‑cloud (K8s, Terraform, Vault, Go, AWS/Azure/GCP). Drive security strategy & empower teams. #ProductSecurity #TechJobs aihackerjobs.com/company/comm...
Sept 2026: Cyber Resilience Act rules on vulnerabilities & disclosure begin (full enforcement 2027). US software/product companies selling to the EU must act now or face rushed, costly changes.
www.wibu.com/us/enabling-...
#CyberResilienceAct #ProductSecurity
The Cyber Resilience Act (CRA) will impact EU sales of North American organizations by 2026-2027. It requires enforceable tech controls before release & after deployment. Are you ready?
Learn more: www.wibu.com/us/solutions...
#CyberResilienceAct #ProductSecurity #Cybersecurity
Due to detailed #exploit guidance in the wild, the priority of patching this #Redis XACKDEL #vulnerability increased this week. CVE-2025-62507 buff.ly/NJvVjvS
‼️ if you haven't yet upgraded your Redis installs, you should increase the priority of that.
#CVE #ApplicationSecurity #ProductSecurity
This #LastWeekInAppSec is a great reminder that automation and dev tooling is part of an organizations attack surface. #Sigstore, #pnpm, and #n8n all have vulns to pay attention to, but (mostly) not panic over.
👉 should you worry? read: buff.ly/ATRNVz3
#AppSec #ProductSecurity #DevSecOps #DevOps
What’s more important, a degree or experience? #cyberworkforce #productsecurity #secops #podcast
A 510(k) is a permission slip, not a security strategy.
Paper-whipping docs to pass a snapshot while ignoring the permanent reality of risk. If you aren't quantifying the cost of failure in a hospital mosh pit, you aren't doing GRC. You're just coloring.
#MedTech #ProductSecurity #Risk #LITL
In SaaS, a bad release is an angry Slack channel. In MedTech, it's life or death. If you think 'move fast and break things' works in a clinic, you're a liability.
Trading roadmaps for risk registers. Launching Lost In The Loop (LITL):
tinyurl.com/TradingTheRo...
#MedTech #ProductSecurity #LITL
MVP gets you to market.
MVSP keeps you in the market.
Security can’t wait for version 2.0.
Here’s why MVSP is the future of product engineering 👇
🔗 Read more! bitl.to/5UYd
#MVSP #ProductSecurity #DevSecOps
Let's be mindful and considerate - and help each other to move the needle. Now and in 2026. 💜
#osco #osco26 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity [lisi] 2/2
🏰 Zitadel identity manager has 3 serious vulns to patch that could leave organizations at serious risk, including account takeovers and reading of sensitive data.
#SupplyChainSecrity #Vulnerability #ProductSecurity #InformationSecurity #CyberSecurity #Patch #Zitadel
Prime Security raises $20M Series A to scale its agentic product security platform #Technology #Business #Startups #SeriesA #ProductSecurity #StartupFunding
... (and finally:)
✅ Save the dates for #osco26 on November 5-8, 2026! 😉
#CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
2/2
The Cyber Resilience Act (CRA) is reshaping how manufacturers build connected products.
Security is now part of conformity assessment — not an add-on.
If your IoT device connects, CRA applies.
Now is the time to strengthen security processes.
#CyberResilienceAct #IoTSecurity #ProductSecurity
EN 18031 enables CE compliance.
EN 303 645 boosts IoT resilience.
Combine both for long-term product trust.
We can help outline your testing sequence.
#EN18031 #EN303645 #ProductSecurity
We’re about two weeks
The Cyber Resilience Act raises the bar for product + software security. But the roadmap doesn’t have to be overwhelming.
December 2
10AM ET / 2PM GMT
Grab your seat issa.org/event/prepar...
#CyberResilience #CRA #SBOM #ProductSecurity #ISSAINTL
🤖 Flowise, a visual designer for agentic AI workflows, allowed password changes without verifying the existing password. Combine that with past flaws that made session theft easier: persistent account-takeover path. Upgrade immediately.
#AppSec #AIsecurity #ProductSecurity #PasswordSecurity
🧵3/4
That could look like blocking the relevant endpoints in server configurations or edge devices like #WAF or reverse-proxy systems, setting files read-only, etc.
#ApplicationSecurity #VulnerabilityManagement #DevSecOps #DevOps #Cybersecurity #ProductSecurity 🧵3/3
👥 Lower-severity but still notable GitLab issues:
• CVE-2025-6601 (3.8) — Group membership business logic flaw
• CVE-2025-11989 (3.7) — Missing authorization in quick actions
#ApplicationSecurity #ProductSecurity #GitLab 🧵5/7
Yes. Yes, you've seen correctly. There's going to be an Open Security Conference 2026! 😍
🗓 Save the dates: November 5-8, 2026. ✅
opensecurityconference.org
#osco #osco26 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
We're so glad to have you all. See you at #osco26! 🤩
opensecurityconference.org
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
3/3
We're very much looking forward to seeing lots of these folks again in 2026. 😊
opensecurityconference.org
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
2/2
Oh wow, look at this program packed full of awesomeness! And it's just the first open space day. More goodness to come! 😍
opensecurityconference.org
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
Give visibility to champions and encourage volunteers. Bring security closer to teams and foster a culture of shared knowledge.
———
🏗 Building an AppSec Program from Scratch - Mireia Cano
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]
Clear expectations and structured onboarding for security champions really helped, including sharing security baseline knowledge.
———
🏗 Building an AppSec Program from Scratch - Mireia Cano
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]
Security champions know the context of their team, invaluable. Monthly meetings, 1 to 1 sessions, security seminars. Share knowledge and build relationships.
———
🏗 Building an AppSec Program from Scratch - Mireia Cano
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]
Lots of questions for Mireia! People are curious to hear more & share their experiences as well - especially on security champions & how to have them succeed.
———
🏗 Building an AppSec Program from Scratch - Mireia Cano
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]
Do you know this situation where you feel like every tool has improved besides the one that you chose?
———
🏗 Building an AppSec Program from Scratch - Mireia Cano
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]
Security champions embedded in each domain to bridge gaps. This transformation didn't happen overnight, and it's a never-ending journey.
———
🏗 Building an AppSec Program from Scratch - Mireia Cano
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]
Security is no longer enforced through gates, teams own their security. Metrics and dashboards enable teams to track progress towards their goals.
———
🏗 Building an AppSec Program from Scratch - Mireia Cano
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity [lisi]
