opsek
154 posts

opsek
@opsek_io
Operational security audits and training for web3 organizations and HNWIs. We train your team and harden your stack, so you don't get hacked.

Welcome @PabloSabbatella to the DSS 2026 Review Committee. Thank you for helping shape this year's technical program. DSS 2026 | Mumbai, India











Update or not? That's the question. Here's the answer 👇 - Update everything the second it drops? → You risk pulling in a compromised library or dependency (a supply chain attack). - Never update? → You leave hundreds of known vulnerabilities sitting unpatched and getting exploited in the wild. The way out: it depends on WHAT you're updating. I split it into two groups: - 🟢 Group 1: Software from large orgs with real review processes and release pipelines. Treat their updates as safe by default, so patch FAST: macOS, Windows, Android, iOS, and browsers (Chrome, Safari, Firefox, Brave, etc). - 🟡 Group 2: Packages, libraries and tools with deep dependency trees, often maintained by tiny teams with little to no OpSec or release controls. Here you slow down and verify before bumping. For Group 2 I like the approach Dan Guido (@dguido, co-founder & CEO of Trail of Bits) shared in a recent talk: on top of disabling install scripts in NPM, they enforce a mandatory package cooldown: nobody installs a package version less than 7 days old, across any package manager, company-wide, enforced through MDM (Jamf). This works because most npm/PyPI compromises get caught and pulled within hours to a few days. A 7-day cooldown closes that window before the bad version ever lands on your machine. Summary: patch trusted vendors fast, pin untrusted dependencies and review before you bump.


You choose it or not, your organization is gonna be OpSec audited either way. Choose wisely

Apple’s 2026 patch cadence looks unusual. By May 21, Apple had already shipped 7 iOS/iPadOS 26 updates and 6 macOS 26/Tahoe updates, plus a new category: Background Security Improvements. This isn’t just “bug fixes.” It may be a sign of a structural change in delivering updates.






