TISAX — the Trusted Information Security Assessment Exchange — or Trusted ISA Exchange – is the automotive industry’s answer to a decades-old problem: every OEM was running its own supplier security questionnaire, and tier-1 and tier-2 suppliers were drowning in redundant audits. ENX Association, backed by the VDA (Verband der Automobilindustrie), formalized the exchange […]
AI Security Best Practices: What Every Employee Needs to Know A summary of an AI Security Policy — covering the risks that matter, with real examples of what goes wrong when they are ignored. AI tools are now part of everyday work — writing, coding, summarizing, automating. That is not going to change. But most […]
We started to talk about the SOC2 Type 2 certification and I feel that we neglected it a bit. I wrote a bit about SDLC, Secure SDLC in particular, but now it is time to bring them together. SOC 2 Type 2 and Secure SDLC — the big picture SOC 2 Type 2 evaluates whether […]
Evaluating Python library safety comes down to a few key dimensions: Check the source and provenance PyPI page: Look at download counts, release history, and whether the project links to a real GitHub/GitLab repo. Author/org reputation: Libraries maintained by well-known companies (Google, Meta, Microsoft, Palantir) or established OSS orgs carry more trust than anonymous accounts. […]
What is the Cyber Resilience Act – CRA The Cyber Resilience Act is the first European regulation to set a mandatory minimum level of cyber security for all connected products available on the EU market – something that did not exist before. The CRA is a regulation from the European Union — formally Regulation (EU) 2024/2847 […]
ENX has released an interesting article about how NIS2 requirements map to TISAX requirements. For this, there is a short introductory article called “TISAX and Cybersecurity in Industry – Expert Analysis Confirms NIS2 Coverage” and and a full article of 75 pages : https://enx.com/TISAX-NIS2-en.pdf An analysis conducted within ENX’s expert working groups examined how well […]
My company develops security products for all major operating systems. We work with startups and with big companies, all striving to develop features (functional and non-functional) as fast and as good as possible. While on the first view this seems like a contradiction, there are actually ways of implementing exactly this. For security software development […]
In the previous article, we explored how Scrum enables teams to add security to the backlog and prioritize it based on risk. Incorporating security into the SDLC ensures that security is not an afterthought but an integral part of the development process. Security User Stories are specific, actionable items that articulate the security needs of […]
Agile Software Development: Why It’s Better Traditional development methodologies, such as the Waterfall model, struggle to keep up with the need for quick iterations, frequent releases, and adaptability to changing requirements. Agile software development addresses these challenges by emphasizing flexibility, collaboration, and continuous delivery. Agile methodologies break down the development process into smaller, manageable […]
The recent outage caused by Crowdstrike’s faulty update has create a lot of discussions. I wrote a post on LinkedIn where I asked the readers why are IT professionals using Crowdstrike on some systems that shouldn’t be in need of such protection in the first place. The answers in various groups were mostly related to: […]
You must be logged in to post a comment.