Posts

Showing posts from April, 2026

Pressure is a privilege

Via Farnam Street:

Looking at the bright side: Claude Code found a 23yo vulnerability in Linux Kernel

News broke recently that Claude Code found a 23-year-old vulnerability in the Linux kernel NFS driver. If, for one second, we stop the fearmongering, we can see that this opens up lots of interesting opportunities for a better (more effective) approach to security testing. Instead of relying on outdated models like pentesting, we could "just" feed the application source code to an LLM and have it find vulnerabilities. This is enabled by the fact that understanding a large code base (or any code base, for that matter) is more difficult (and practically impossible) than applying known attacks to the external surface area. LLMs suddenly make the former convenient enough and actually cheaper than a pentest. Cyber security consultancies need to update their business model.

Excel and compliance

More proof that we're stuck in the past: https://www.reddit.com/r/embedded/comments/1s1agqo/why_is_bom_management_still_stuck_in_excel_in_2026/

every hardware team I’ve worked with ends up with the same setup… some giant excel or google sheet for the BOM
everyone complains about it, but no one really replaces it
you get random versions, people overwriting stuff, no idea who changed what, etc
but at the same time whenever I look at “proper” tools they feel heavy or just not worth the switch
so yeah genuinely curious, what are you all actually using day to day?

My latest talk about Continuous Compliance is about moving on from xls (to lower cognitive load): https://www.incontrodevops.it/talk/continuous-compliance/