Weekly Short Reads #1


This is for free subscribers and is only available by email. I will share weekly blog posts and book articles directly to your inbox.

  1. Endor Labs introduced Endor Magic Patches, which is an interesting solution. One of the problems I've faced when advising developers to patch third-party vulnerabilities is that sometimes they aren't able to upgrade to a new version, or the required version isn't available. With Magic Patches, you don't have to upgrade. Instead, you can use the Endor Magic Patch library that matches the existing library, which takes care of the patching process.

  2. Deb Liu captures what skills are needed and what it takes to transition to manager.

  3. Black Hat USA Slides

  4. The GRC Engineering Manifesto has been released, which is a welcome development. GRC has traditionally operated in silos. Now, by adopting this manifesto and applying engineering principles, GRC will mature.
    https://franklyspeaking.substack.com/p/compliance-grc-engineering-is-promising?r=5r29k&triedRedirect=true

  5. When I read this blog, I gained insight into how we can use "Error Budgets" from SRE SLO metrics. What do you think? Would error budgets be useful for quantifying the acceptance of unfixed vulnerabilities?
