Before you go, please follow our new Mastodon account: . We'll be posting all of our content there too as we see how the Twitter cookie crumbles. @lunasec@infosec.exchange. #infosec #infosectwitter #Mastodon #mastodonmigration.

RT @lcamtuf: I'm not a fan of using SBOMs for vulnerability response. It can be argued that they are better than nothing - but I'm not so s….

RT @LeonDerczynski: Vector DB intro w/ sample code and links to a few popular ones with free plans - .

RT @JosephJacks_: I’m an instant pass on any startup that just wraps OpenAI. Zero differentiation over time. Building your solution / app….

RT @freeqaz: There's a new Open Source LLM model called "Cerebras-GPT" that hit the internet yesterday. I was curious how it compared in pe….

RT @ID_AA_Carmack: From a DM, just in case anyone else needs to hear this.

RT @freeqaz: Super helpful list of ChatGPT alternatives with a focus on the licensing stuff .

Sneak peak of what we are teaching ChatGPT to do. Watch it browse the web like a human. Amazing stuff. Not shown, we also have it hooked up to our vulnerability database. Should be available in a discord bot for you next week.

RT @freeqaz: We could add this functionality into the dependency helper bot we've been building on GitHub. Please leave your thoughts in th….

Props to @Phylum_IO for finding this malware in Pypi!.

RT @swyx: A "truthy" lie will run 2x round the world faster than a boring truth. The sad fact that a high effort piece from @alexrkonrad a….

RT @JosephJacks_: So. @YCombinator has invested in 100+ COSS startups since 2008 (80%+ of those over the last 2 years alone!). If this w….

RT @JosephJacks_: WOW… Nearly 10% of ALL games published on @Steam are built with @godotengine. 🔥 📈 🤖

We've added environmental adjustment to LunaTrace. Answer a couple of questions about what type of app you're scanning and the severity of your vulnerabilities will be re-calibrated using the environmental CVSS spec, automatically.

Looks like a vuln in "Control Web Panel" is being actively exploited in the wild. Ars has some more details here --

RT @IAmMandatory: >blog post hits HN.>check comments.>friend already defending post from comment snark

RT @intigriti: Your grandma asks you what an XSS is, what do you answer? 👵.

Status update for 2023: Here is a video of @breadchris showing off the new dynamic tracing capabilities that we've been adding to LunaTrace over the past few weeks. You can now see which CVEs are ever executed in production-- a helpful signal for patching!.

RT @breadchris: "Cross-Site Request Forgery in OWASP CSRFGuard" got to love the irony CVE-2021-28490.

FYI if you stop seeing as many Mastodon links here, it's because Twitter is now blocking them.