I had the worst pitch meeting with a VC: @madelinelawren
She said no to our pre-seed, “you’re wearing the jerseys, but you're not a team yet”
Anyways, she’s now officially our CGO and late co-founder
English
Willem Delbare
6 posts
Willem Delbare
@WDelbare
CTO & Founder @AikidoSecurity | On a mission to make appsec accessible for CTOs | Co-Founded @Teamleader @befutureproofed @Officientapp
เข้าร่วม Temmuz 2016
193 กำลังติดตาม135 ผู้ติดตาม
@captn3m0 @AikidoSecurity Most of these we stopped using 2-3 years ago and were migrated to Opengrep. Phylum no longer exists, Aikido does its own malware research now. We contribute where the maintainers accept our contributions (eg Syft)
English
Just noticed that the old website also credited Semgrep, Gosec,Brakeman, CloudSploit, Trivy, Syft, Grype, ZAP, Nuclei, and Phylum. Are these all no longer used?
They sponsor Betterleaks and OpenGrep work: aikido.dev/open-source, so they know how to do it right.
Nemo@captn3m0
Don't you love it when a billion dollar company decides to stop attributing your open-source work and pass it off as their own? web.archive.org/web/diff/20241… Great job @AikidoSecurity.
English
English
@AikidoSecurity And another free bug report for you:
hub.docker.com/r/composer:2.2… should report these 2 high vulnerabilities, it doesn't blog.packagist.com/composer-2-9-6…
Don't feel too bad, @GrypeProject doesn't pick it up either.
English
Don't you love it when a billion dollar company decides to stop attributing your open-source work and pass it off as their own?
web.archive.org/web/diff/20241…
Great job @AikidoSecurity.
English
@captn3m0 1) is on purpose! We help developers focus on what's important. Not every EOL date is equally important. We don't hide that our product is highly opinionated. For 2) the nginx eol date == the debian eol date, which we check separately
English
As usual, their EOL scanner isn't that good either:
1. It is limited to 38 of the 455 products we track. So simple things like composer:2.6 are not reported.
2. It doesn't detect EOL for things like nginx@1.29.8-1~trixie, because it doesn't check your debian support status.
English
@captn3m0 @AikidoSecurity remediated that in our docs - wasn't hidden on purpose - help.aikido.dev/compliance-and…
English
I've learned some SaaS startup security lessons the hard way over the years. Gathered some of my learnings in a blog post. Please check it out - would appreciate your feedback!
aikido.dev/blog/how-does-…
English