What have I been writing when I haven’t been writing here?
Duck Alignment Academy
- Open source projects don’t exist separately from the outside world — You do your community a disservice when you treat open source as a noble pursuit that’s separate from the noise of daily life.
- Prioritizing your tasks with the Eisenhower Matrix — The Eisenhower Matrix is a simple framework for prioritizing your tasks by determining a task’s importance and urgency.
- Improvement requires context — If you swoop in uninformed, you might make some correct decisions, but you’ll probably make more wrong ones. (I’m looking at you, Elon.)
- Every project is a software project — It’s a good reminder that our audience is broader than we might think and we should act accordingly.
Kusari
- Alarms Raised by Critical Reverse Backdoor Vulnerability in Medical Devices (ghostwrite) — Medical monitors have critical security flaws, allowing unauthorized code execution and patient data leaks.
- Unpacking the Kusari Score (ghostwrite) — Cut through the noise to prioritize which vulnerability gets fixed next.
- Unpacking the Kusari “Effort to Fix” Capability (ghostwrite) — Get a clear understanding of the work involved in remediating a vulnerability so you can schedule it in your sprint without blocking feature work.
- Analyzing third-party risk in open source software — Third-party risk management is an important part of protecting your organization. But how do you manage the risks of open source software when you have no vendor relationship?
- Addressing third-party risk in open source software — Once you’ve discovered the third-party risks in the open source projects you consume, how do you address those risks without having a vendor relationship with the projects?