This week's articles
Terraform as part of the software supply chain
#attack, #supply-chain, #terraform
Post examining the supply chain aspects of Terraform, starting with a closer look at malicious Terraform modules and providers and how you can better secure them.
Democratizing Security Detection
#defend, #monitor, #strategy
Security detection programs face significant scaling challenges. This post shares Palantir's learnings and suggests actionable detection strategies.
Purpose-based access controls at Palantir
#defend, #design
Tracking who has access to what information and why, across thousands of datasets and users, is an intractable challenge. Here's how Palantir solved it.
The State of Secrets Sprawl 2022
#ci/cd, #supply-chain
The 2022 State of Secrets Sprawl report measures the exposure of secrets within GitHub, Docker and internal repos and how it is evolving year to year.
Dockerfile best practices
#build, #containers, #explain
Dockerfile best practices for writing production-worthy Docker images.
Securing Cloud Services against Squatting Attacks
#aws, #azure, #defend, #gcp
Post discussing the root causes of cloud squatting from an IT practitioner's perspective, and demonstrating the steps companies can take to harden their infrastructure.
Dealing with Multiple SBOMs
#build, #supply-chain
SBOMs do not need to look the same to validate the artifacts described in them. As long as the data inside is correct, you should be able to validate the artifacts with any of them.