mastodontech.de is one of many independent Mastodon servers you can use to participate in the fediverse.
Open to everyone (over 16) and provided by Markus'Blog


#compliance

12 posts · 10 participants · 2 posts today

Is Node.js the future of backend development, or just a beautifully wrapped grenade?

Lately, I see more and more backend systems, yes, even monoliths, built entirely in Node.js, sometimes with server-side rendering layered on top. These are not toy projects. These are services touching sensitive PII data, sometimes in regulated industries.

When I first used Node.js years ago, I remember:
• Security concepts were… let’s say aspirational.
• Licensing hell due to questionable npm dependencies.
• Tests were flaky, with mocking turning into dark rituals.
• Behavior of libraries changed weekly like socks, but more dangerous.
• Internet required to run a “local” build. How comforting.

Even with TypeScript, it all melts back into JavaScript at runtime, a language so flexible it can hang itself.

Sure, SSR and monoliths can simplify architecture. But they also widen the attack surface, especially when:
• The backend is non-compiled.
• Every endpoint is a potential open door.
• The system needs Node + a fleet of dependencies + a container + prayer just to run.

Compare that to a compiled, stateless binary that:
• Runs in a scratch container.
• Requires zero runtime dependencies.
• Has encryption at rest, in transit, and ideally per-user.
• Can be observed, scaled, audited, stateless and destroyed with precision.

I’ve shipped frontends that are static, CDN-delivered, secure by design, and light enough to fit on a floppy disk. By running them with Node, I’m loading gigabytes of unknown tooling to render “Hello, user”.

So I wonder:
Is this the future? Or am I just… old?

Are we replacing mature, scalable architectures with serverless spaghetti and 12-factor mayhem because “it works on Vercel”?

Tell me how you build secure, observable, compliant systems in Node.js.
Genuinely curious.
Mildly terrified and maybe old.

Continued thread

ISO 27000 nit #3. I had to stare at this for several minutes to try to figure out what "enhancing societal values" was doing in this list. IMO the meaning of all the other list items is clear, but that one's clear as mud. I _think_ what they're trying to get at is improving the security culture within the organization being managed, but honestly, that's just a guess, I'm not even certain that's what they mean.
#infosec #compliance #ISO #ISO27000 #standards #isms

Continued thread

ISO 27000 nit #2: The definition of "risk" provided here, "effect of uncertainty on objectives," is dumb, obscure, unhelpful, bureaucratic gobbledygook. It in no way resembles the dictionary definition of risk, which much more closely approximates what I think of when I use the word risk or see it used in an information security concept. I am challenged to understand why they chose this nonsense definition and what they hope to achieve by it.
#infosec #compliance #ISO #ISO27000 #standards #isms

🔐 Looking back at the NIS-2 Congress 2025

This week Check Point Technologies was represented as a sponsor at the 2nd NIS-2 Congress 2025 on 6/7 May in Frankfurt, the central industry meeting point for the new NIS-2 Directive and its practical implementation.

A particular highlight was the captivating keynote by Marco Eggerling, whose talk "Is NIS-2 really just lex specialis or a completely misunderstood requirement for baseline protection (Grundschutz)?" offered a critical assessment of the directive and an appeal to stop treating baseline protection as a mere compliance topic.

Also in depth: the practice-oriented workshop by Thomas Boele, "Cybersecurity First Principles: From Mission Statement via Strategies to Tactical Implementation in the Context of NIS-2". His presentation vividly showed how regulatory requirements can be meaningfully linked with concrete security strategies.

We thank all participants for the intensive exchange and the organizers for the superbly organized event.

NIS-2 is here to stay. That makes it all the more important that we, as a security community, share knowledge and create clarity together.

linkedin.com/company/nis-2-con


⚠️ Legal alert: Broadcom is issuing cease-and-desist letters to VMware perpetual-license users 🚨

📄 Perpetual-license agreements deemed non-compliant
🛑 Users must migrate to subscriptions or face legal action
🔒 Broadcom cites IP infringement and support violations
💡 Action: Audit your license status and plan your upgrade path now

#VMware #Broadcom #Compliance #ITsecurity #SoftwareLicensing
arstechnica.com/gadgets/2025/0

Ars Technica · VMware perpetual license holders receive cease-and-desist letters from Broadcom, by Scharon Harding

One more On Location recording — this time, we’re exploring a shift in the compliance mindset!

🚀 New Brand Story from #RSAC2025: From Overhead to Advantage — Turning #Compliance into a Strategic Asset

At #RSAC Conference 2025, Sean Martin, CISSP sat down with Steve Schlarman, Senior Director of Product Management at Archer Integrated Risk Management, to explore a powerful shift in mindset: treating compliance not as a burden, but as a #business advantage.

🔐 How can companies turn regulatory requirements into strategic opportunities that fuel growth, #resilience, and competitive edge?

Find out how #Archer is helping organizations evolve their risk and compliance programs to meet the future head-on.

🎙️ Watch, listen, or read the full story here:
👉 itspmagazine.com/their-stories

📌 Learn more about Archer’s work:
👉 itspmagazine.com/directory/arc

🛰️ See all our RSAC 2025 coverage:
👉 itspmagazine.com/rsac25

🌟 Discover more Brand Stories from innovative companies:
👉 itspmagazine.com/brand-story

🎥🎙️ This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin and Marco Ciappelli covered the event as official media partners for the 11th year in a row.

Stay tuned for more Brand Stories, Briefings, and candid conversations from RSAC 2025!

🎤 Looking ahead:
If your company would like to share your story with our audiences On Location, we’re gearing up for Infosecurity Europe in June and Black Hat USA in August!
⚡ RSAC 2025 sold out fast — we expect the same for these next events.
🎯 Reserve your full sponsorship or briefing now: itspmagazine.com/purchase-prog

📲 Hashtags:
#cybersecurity #infosec #infosecurity #technology #tech #society #business #compliance #riskmanagement #strategicrisk #archer

Replied in thread

@vfrmedia @techlore OFC "Tracking" is also offered as something to reduce the rates but I'm against that stuff as a matter of principle.

  • Being that they "reward" people for that with lower premiums, I can imagine a lot of folks getting shafted into agreeing to it.

And I think that's a #DarkPattern that needs to be banned.

  • OFC parts being serialized is common as to both do proper #recalls for #ProductSafety and also to ensure both #compliance with the safety standards as well as track down stolen parts.

And the latter one is a real problem...

Do you understand the Digital Services Act (DSA) and the Digital Markets Act (DMA)?

In our Academy seminar in June you will learn, in a practice-oriented way, what companies and organizations need to know about the new EU regulations, with a focus on data protection and compliance.

💡 Early birds: save 10 % with the code "EarlyBird" until 21 May 2025!

📅 Register now:
researchinstitute.at/academy/0

#DSA #DMA #Datenschutz