In the last7days series on this blog I’ll revisit interesting content from twitter from the last 7 days and I’ll add further comments or responses to feedback which I got. The list will have about 3-5 pieces of content to keep it crisp and I hope you like what you see!

You can subscribe to the blog also via eMail.

1) Gorillas: Special offer - unicorn slices, 150g 🦍❤️ by @zerforschung

Great forensic study about a big German food delivery service in trouble. It is great to have citizen hackers around who can discover security & privacy issues like this. Gorillas billboard

A team member of mine participated in “hacking” a contact tracing solution for restaurants and found similar leaks there.

Interesting aspect behind the catchy timeline is, which tools are around for smaller software providers to ensure security.

2) Show HN: Stop Putting AWS Credentials in GitHub Secrets by @SamlToSupport

This is about an Ansible task for dealing with AWS secrets. Personally - during my first steps to setup a small kubernetes-based cluster, I am also looking for a small scale solution to deal with credentials between different parts of my application. (No solution found yet - )

3) What a Software Bill of material (SBOM) can do for you by @chainguard_dev

THis is a avery helpful overview about the benefits of having the software components in your application document. From my experience having it documented in a non-manual way is already a very good start, however linking this with CVE information about known & new vulnerabilities is even mor helpful.

I esspecially learned about Tern, which I’ll try out soon.

I am happy to get feedback from you!