u/Murky_Willingness171

Cloud data security isn't about encryption. It's about knowing where the hell your data actually is

Every security audit I've been in asks "is it encrypted?" and moves on. Nobody asks "do you know where every copy of that data actually lives?"

Encryption is the easy part. The hard part is knowing you have PII sitting in a 4-year-old RDS snapshot, a test bucket someone forgot about, and a CSV export in a shared drive that predates your current team.

If you can't list every place your sensitive data exists, you aren't protecting it. You just encrypted stuff you lost track of.

reddit.com
u/Murky_Willingness171 — 9 days ago
▲ 4 r/it
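The inventory the post is asking for, as an added example (not the poster's code): list RDS snapshots past an age limit, encrypted or not, and S3 buckets missing the classification and owner tags. The tagging policy, the fixed reference date and the FakeRDS/FakeS3 classes are assumptions for the demo; they return boto3-shaped responses so the script runs offline, and the real boto3 clients drop in unchanged.

```python
"""Inventory stale RDS snapshots and untagged S3 buckets.

Added example, not from the original post. `rds` and `s3` are any objects
exposing the boto3 methods used here; the Fake* classes below are constructed
stand-ins returning boto3-shaped responses so the script runs offline.
"""
from datetime import datetime, timedelta, timezone

# Assumed tagging policy: every bucket must say what it holds and who owns it.
REQUIRED_TAGS = ("DataClassification", "Owner")

# Fixed reference time so the constructed sample data is reproducible.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)


def stale_snapshots(rds, max_age_days=365, now=NOW):
    """RDS snapshots older than max_age_days. Encryption is reported but does
    not exempt a snapshot: an encrypted copy nobody remembers is still a copy."""
    cutoff = now - timedelta(days=max_age_days)
    findings = []
    # Real boto3: use rds.get_paginator("describe_db_snapshots") for >100 results.
    for snap in rds.describe_db_snapshots()["DBSnapshots"]:
        created = snap["SnapshotCreateTime"]
        if created < cutoff:
            findings.append({
                "resource": snap["DBSnapshotIdentifier"],
                "age_days": (now - created).days,
                "encrypted": snap.get("Encrypted", False),
            })
    return findings


def bucket_tags(s3, name):
    """Tags of a bucket as a dict; empty when it has none. Real boto3 raises
    botocore.exceptions.ClientError with code NoSuchTagSet in that case."""
    try:
        resp = s3.get_bucket_tagging(Bucket=name)
    except Exception as exc:  # ClientError in real boto3
        if "NoSuchTagSet" in str(exc):
            return {}
        raise
    return {t["Key"]: t["Value"] for t in resp.get("TagSet", [])}


def unclassified_buckets(s3, required=REQUIRED_TAGS):
    """Buckets missing any tag the policy requires."""
    findings = []
    for bucket in s3.list_buckets()["Buckets"]:
        tags = bucket_tags(s3, bucket["Name"])
        missing = [k for k in required if k not in tags]
        if missing:
            findings.append({"resource": bucket["Name"], "missing_tags": missing})
    return findings


def run_inventory(rds, s3, now=NOW):
    return {
        "stale_snapshots": stale_snapshots(rds, now=now),
        "unclassified_buckets": unclassified_buckets(s3),
    }


class FakeRDS:
    """Constructed sample: one forgotten 4-year-old snapshot, one fresh one."""

    def describe_db_snapshots(self):
        return {"DBSnapshots": [
            {"DBSnapshotIdentifier": "prod-customers-2021-final",
             "SnapshotCreateTime": NOW - timedelta(days=4 * 365), "Encrypted": True},
            {"DBSnapshotIdentifier": "prod-customers-nightly",
             "SnapshotCreateTime": NOW - timedelta(days=1), "Encrypted": True},
        ]}


class FakeS3:
    """Constructed sample: one tagged bucket, one forgotten test bucket."""
    _tags = {
        "prod-customer-exports": [{"Key": "DataClassification", "Value": "confidential"},
                                  {"Key": "Owner", "Value": "data-platform"}],
        "test-bucket-tmp-2019": [],
    }

    def list_buckets(self):
        return {"Buckets": [{"Name": n} for n in self._tags]}

    def get_bucket_tagging(self, Bucket):
        if not self._tags[Bucket]:
            raise RuntimeError("NoSuchTagSet: The TagSet does not exist")
        return {"TagSet": self._tags[Bucket]}


if __name__ == "__main__":
    import json
    # Swap in boto3.client("rds") / boto3.client("s3") to run it for real.
    print(json.dumps(run_inventory(FakeRDS(), FakeS3()), indent=2))
```

The point of the output is that the old snapshot shows `"encrypted": true` and still lands in the findings: the check is about existence and ownership, not about encryption. Run it per account and region, since snapshots and buckets that nobody owns tend to live in the accounts nobody scans.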

The average browser has 37 extensions. One of them can now control your AI assistant. Is your org tracking this?

I was doing an extension audit after reading about that claudebleed thing and honestly I don't think I want to see the full list anymore.

Half our users have 30+ extensions. AI assistants, grammar checkers, clipboard managers, random productivity stuff nobody approved. Any one of those could be hijacking another extension right now, and we would have no visibility.

We track endpoints, patches, vulns, but then go blind with browser extensions? And now extensions can control agentic AI tools that read screens and send emails on your behalf.

How are y’all handling visibility into this?

reddit.com
u/Murky_Willingness171 — 9 days ago
▲ 29 r/sre
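One way to get the visibility the post asks about, as an added example (not the poster's code): read the manifests Chrome and Chromium leave on disk under `<profile>/Extensions/<id>/<version>/manifest.json`, compare the extension IDs against an approved list, and flag the permissions that let one extension reach into others or into every site. The approved list, the risky-permission table, the sample profile and the all-`a`/all-`b` extension IDs are constructed for the demo.

```python
"""Audit installed Chrome/Chromium extensions against an approved list.

Added example, not from the original post. It reads the on-disk manifests
under <profile>/Extensions/<id>/<version>/manifest.json; the sample profile,
extension IDs and approved list below are constructed for the demo.
"""
import json
import tempfile
from pathlib import Path

# Permissions worth a second look. "management" is the one that lets an
# extension enable, disable or uninstall other extensions.
HIGH_RISK = {
    "management": "control other extensions",
    "debugger": "attach the DevTools protocol to tabs",
    "nativeMessaging": "talk to native host binaries",
    "webRequest": "observe and block traffic",
    "clipboardRead": "read the clipboard",
    "scripting": "inject scripts into pages",
    "tabs": "read URLs and titles of every tab",
    "<all_urls>": "host access to every site",
}


def audit_profile(profile_dir, approved_ids):
    """One record per installed extension, with its risky permissions."""
    report = []
    for manifest in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        ext_id = manifest.parents[1].name  # Extensions/<id>/<version>/manifest.json
        data = json.loads(manifest.read_text(encoding="utf-8"))
        perms = set(data.get("permissions", [])) | set(data.get("host_permissions", []))
        report.append({
            "id": ext_id,
            # Localized names appear as __MSG_*__ keys; resolve via _locales if needed.
            "name": data.get("name", "?"),
            "version": data.get("version", "?"),
            "approved": ext_id in approved_ids,
            "risky_permissions": sorted(p for p in perms if p in HIGH_RISK),
        })
    return report


def needs_review(report):
    """Unapproved extensions, plus approved ones holding risky permissions."""
    return [r for r in report if not r["approved"] or r["risky_permissions"]]


# Constructed sample IDs (real ones are 32 chars of a-p, derived from the key).
APPROVED_ID = "a" * 32
ROGUE_ID = "b" * 32


def build_sample_profile(root):
    """Write two constructed manifests into a throwaway profile directory."""
    samples = {
        f"{APPROVED_ID}/2.1.0_0": {
            "manifest_version": 3, "name": "Grammar Helper", "version": "2.1.0",
            "permissions": ["storage", "activeTab"]},
        f"{ROGUE_ID}/0.3.7_0": {
            "manifest_version": 3, "name": "Free Clipboard Booster", "version": "0.3.7",
            "permissions": ["management", "clipboardRead", "scripting"],
            "host_permissions": ["<all_urls>"]},
    }
    for rel, manifest in samples.items():
        d = Path(root) / "Extensions" / rel
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")


def audit_sample(approved_ids=frozenset({APPROVED_ID})):
    """Build the sample profile, audit it, clean up, return the report."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_profile(root)
        return audit_profile(root, approved_ids)


if __name__ == "__main__":
    # Real run on Linux: audit_profile(Path.home() / ".config/google-chrome/Default", approved)
    for rec in needs_review(audit_sample()):
        print(rec["id"], rec["name"], rec["risky_permissions"])
```

Running this from the endpoint agent on every profile directory gives the same kind of inventory you already have for patches: which IDs are installed, at which versions, and which ones hold `management`, `<all_urls>` or `nativeMessaging`. Pair it with a browser policy (`ExtensionInstallAllowlist` / `ExtensionInstallBlocklist`) so the list stops being read-only.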

Pulled the SBOM on one of our Node services last week. 1,400-plus packages in the image. Our app imports maybe 60 of them.

Every scan flags hundreds of vulns in the other 1,340, and we spend roughly a sprint a quarter triaging stuff that isn't reachable from a single line of our code.

The fix is simpler than the industry wants to admit: ship less code. If the package isn't in the image, it can't generate a CVE you have to justify.

If you haven't actually checked what percentage of your image your app uses, the number is probably lower than you think.

reddit.com
u/Murky_Willingness171 — 26 days ago
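The "what percentage of the image does the app actually use" check, as an added example (not the poster's code): walk the `dependencies` graph of a CycloneDX SBOM from the packages the service imports directly, and split every component, and every vulnerability record pointing at one, into reachable and unreachable. The SBOM, the `PLACEHOLDER-*` vulnerability IDs and the `APP_IMPORTS` list are constructed for the demo; a real run loads the SBOM that syft or cdxgen produced for the image.

```python
"""Reachability triage over a CycloneDX SBOM.

Added example, not from the original post. The SBOM and vulnerability records
below are constructed with placeholder IDs; the app's direct imports are the
assumed list APP_IMPORTS, not something read from the code.
"""
import json

# Constructed CycloneDX-shaped SBOM: a few npm packages, dev tooling that
# shipped in the image, and two OS packages from the base layer.
SBOM = {
    "components": [
        {"bom-ref": "pkg:npm/express@4.18.2", "name": "express"},
        {"bom-ref": "pkg:npm/body-parser@1.20.2", "name": "body-parser"},
        {"bom-ref": "pkg:npm/debug@2.6.9", "name": "debug"},
        {"bom-ref": "pkg:npm/ms@2.0.0", "name": "ms"},
        {"bom-ref": "pkg:npm/pino@8.0.0", "name": "pino"},
        {"bom-ref": "pkg:npm/mocha@10.0.0", "name": "mocha"},
        {"bom-ref": "pkg:npm/nyc@15.0.0", "name": "nyc"},
        {"bom-ref": "pkg:deb/debian/curl@7.88.1", "name": "curl"},
        {"bom-ref": "pkg:deb/debian/libc6@2.36", "name": "libc6"},
    ],
    "dependencies": [
        {"ref": "pkg:npm/express@4.18.2",
         "dependsOn": ["pkg:npm/body-parser@1.20.2", "pkg:npm/debug@2.6.9"]},
        {"ref": "pkg:npm/body-parser@1.20.2", "dependsOn": ["pkg:npm/debug@2.6.9"]},
        {"ref": "pkg:npm/debug@2.6.9", "dependsOn": ["pkg:npm/ms@2.0.0"]},
        {"ref": "pkg:npm/mocha@10.0.0", "dependsOn": ["pkg:npm/debug@2.6.9"]},
    ],
    # CycloneDX 1.4+ vulnerability entries point at the affected bom-ref.
    # IDs are placeholders, not real advisories.
    "vulnerabilities": [
        {"id": "PLACEHOLDER-0001", "affects": [{"ref": "pkg:npm/ms@2.0.0"}]},
        {"id": "PLACEHOLDER-0002", "affects": [{"ref": "pkg:npm/nyc@15.0.0"}]},
        {"id": "PLACEHOLDER-0003", "affects": [{"ref": "pkg:deb/debian/curl@7.88.1"}]},
    ],
}

# Assumed: what the service actually require()s at the top level.
APP_IMPORTS = ["pkg:npm/express@4.18.2", "pkg:npm/pino@8.0.0"]


def reachable(sbom, roots):
    """Transitive closure of roots over the SBOM dependency graph."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    seen, stack = set(), list(roots)
    while stack:
        ref = stack.pop()
        if ref in seen:
            continue
        seen.add(ref)
        stack.extend(graph.get(ref, []))
    return seen


def triage(sbom, roots):
    """Split components and vulnerability records by whether the app reaches them."""
    all_refs = {c["bom-ref"] for c in sbom["components"]}
    used = reachable(sbom, roots) & all_refs
    unused = all_refs - used
    vulns = {"reachable": [], "unreachable": []}
    for v in sbom.get("vulnerabilities", []):
        refs = {a["ref"] for a in v.get("affects", [])}
        vulns["reachable" if refs & used else "unreachable"].append(v["id"])
    return {
        "used_pct": round(100 * len(used) / len(all_refs)),
        "unused": sorted(unused),
        "vulns": vulns,
    }


if __name__ == "__main__":
    # Real run: SBOM = json.load(open("sbom.cdx.json")) as produced by syft or cdxgen.
    print(json.dumps(triage(SBOM, APP_IMPORTS), indent=2))
```

Read the `unused` list as a removal list, not as a list of findings to ignore: `mocha` and `nyc` are devDependencies that should never have been in the production layer, and `curl` is a base-image package the service does not call. Graph reachability from `require()` says nothing about what the runtime itself loads (`libc6` is unreachable here but `node` links against it), so the honest fix is the one the post names, shrinking the image until the SBOM and the import list converge.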

Spent Friday afternoon rescanning base images we promoted clean like 4 months ago. Found 17 new criticals across them. Nothing changed on our end, NVD just caught up on those old digests.

We treat the golden image like a one-time certification, but it's really just a photograph of what was safe on Tuesday. I'm curious how teams are handling automated rebuilds when upstream patches land, or if people are mostly accepting the drift and calling it good.

reddit.com
u/Murky_Willingness171 — 27 days ago
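The rescan comparison the post describes, as an added example (not the poster's code): keep the scan report from promotion time, rescan the same digest later, and diff them. Findings that are new on an unchanged digest are pure database drift; those with a `FixedVersion` are what an automated rebuild would clear, the rest need an upstream fix or an exception. Both reports are constructed in the shape of Trivy's JSON output (`Results[].Vulnerabilities[]`) with `PLACEHOLDER-*` IDs and a zeroed digest; nothing here is a real finding.

```python
"""Diff a promotion-time scan against a rescan of the same image digest.

Added example, not from the original post. Both reports are constructed in
the shape Trivy's JSON output uses (Results[].Vulnerabilities[]) with
placeholder vulnerability IDs and a placeholder digest.
"""
import json

DIGEST = "sha256:" + "0" * 64  # placeholder digest of the golden image
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]


def vuln(vid, pkg, installed, fixed, severity):
    """One Trivy-shaped vulnerability record (constructed)."""
    return {"VulnerabilityID": vid, "PkgName": pkg, "InstalledVersion": installed,
            "FixedVersion": fixed, "Severity": severity}


def report(vulns):
    """Wrap a vuln list in the Trivy JSON shape for one image digest."""
    return {
        "ArtifactName": "registry.example/base/node:20",
        "Metadata": {"RepoDigests": [f"registry.example/base/node@{DIGEST}"]},
        "Results": [{"Target": "registry.example/base/node:20 (debian 12)",
                     "Class": "os-pkgs", "Vulnerabilities": vulns}],
    }


# Scan stored when the image was promoted.
PROMOTED = report([vuln("PLACEHOLDER-0001", "libexpat1", "2.5.0-1", "", "MEDIUM")])

# Same digest, rescanned months later with a fresher vulnerability database.
RESCAN = report([
    vuln("PLACEHOLDER-0001", "libexpat1", "2.5.0-1", "", "MEDIUM"),
    vuln("PLACEHOLDER-0002", "openssl", "3.0.11-1", "3.0.13-1", "CRITICAL"),
    vuln("PLACEHOLDER-0003", "zlib1g", "1:1.2.13.dfsg-1", "", "CRITICAL"),
])


def findings(rep):
    """Flatten a report into {(vuln_id, pkg): record}. Trivy emits null, not
    an empty list, for a target with no vulnerabilities, hence the `or []`."""
    out = {}
    for result in rep.get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            out[(v["VulnerabilityID"], v["PkgName"])] = v
    return out


def drift(old, new, min_severity="CRITICAL"):
    """New findings on an unchanged digest, split by whether a rebuild helps."""
    if old["Metadata"]["RepoDigests"] != new["Metadata"]["RepoDigests"]:
        raise ValueError("reports are for different digests; that is a change, not drift")
    before = findings(old)
    new_only = {k: v for k, v in findings(new).items() if k not in before}
    threshold = SEVERITY_ORDER.index(min_severity)
    fixable, unfixed = [], []
    for (vid, pkg), v in sorted(new_only.items()):
        if SEVERITY_ORDER.index(v.get("Severity", "UNKNOWN")) < threshold:
            continue
        entry = {"id": vid, "pkg": pkg, "fixed_in": v.get("FixedVersion") or None}
        (fixable if v.get("FixedVersion") else unfixed).append(entry)
    return {"rebuild_fixes": fixable,
            "needs_upstream_or_exception": unfixed,
            "rebuild": bool(fixable)}


if __name__ == "__main__":
    # Real run: load two files written by
    #   trivy image --format json -o scan.json registry.example/base/node@sha256:...
    print(json.dumps(drift(PROMOTED, RESCAN), indent=2))
```

Wire `drift()` into a scheduled job over every promoted digest and let `"rebuild": true` trigger the image pipeline; the `needs_upstream_or_exception` bucket is the part no rebuild will clear, so it is the list that actually needs a human decision. The other half of the answer to the post's question is to treat the promotion as time-boxed: a digest whose last rescan is older than the cadence you pick is no longer "clean", regardless of what the scanner said the day it was built.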