This is the part 2 of the series about the TISAX label: TISAX getting started: A Deep Dive into the ISA Assessment Workbook (part 1). ISA VDA 6.0.3 (part 2) — Information Security Sheet: IS Policies and Organization Chapter 1 — IS Policies and Organization This chapter establishes the governance foundation of the […]
TISAX — the Trusted Information Security Assessment Exchange — or Trusted ISA Exchange – is the automotive industry’s answer to a decades-old problem: every OEM was running its own supplier security questionnaire, and tier-1 and tier-2 suppliers were drowning in redundant audits. ENX Association, backed by the VDA (Verband der Automobilindustrie), formalized the exchange […]
AI Security Best Practices: What Every Employee Needs to Know A summary of an AI Security Policy — covering the risks that matter, with real examples of what goes wrong when they are ignored. AI tools are now part of everyday work — writing, coding, summarizing, automating. That is not going to change. But most […]
This is the extension of the original article AI Adoption for companies (based on OECD data) What US Companies Are Actually Spending — And Where It Maps The OECD data gives you the strategic framework. US-specific data gives you a reality check on spending. Here is what verified US sources report. Adoption in the […]
Why You Need to Read This Now Between 2020 and 2024, the share of firms using AI across OECD countries more than doubled — from 5.6% to 14%. Large firms (250+ employees) are at 40% adoption. Small firms (10–49 employees) are at 11.9%. Mid-sized firms sit in the middle at 20.4%. That gap is […]
We started to talk about the SOC2 Type 2 certification and I feel that we neglected it a bit. I wrote a bit about SDLC, Secure SDLC in particular, but now it is time to bring them together. SOC 2 Type 2 and Secure SDLC — the big picture SOC 2 Type 2 evaluates whether […]
Evaluating Python library safety comes down to a few key dimensions: Check the source and provenance PyPI page: Look at download counts, release history, and whether the project links to a real GitHub/GitLab repo. Author/org reputation: Libraries maintained by well-known companies (Google, Meta, Microsoft, Palantir) or established OSS orgs carry more trust than anonymous accounts. […]
What are you doing is wrong! Most engineering teams are tracking effort and calling it progress. Story points, commit frequency, PR cycle time, items from a Definitions of Done implemented or respected — these are process metrics dressed up as productivity metrics. They tell you how busy your team is. They tell you almost nothing […]
What is the Cyber Resilience Act – CRA The Cyber Resilience Act is the first European regulation to set a mandatory minimum level of cyber security for all connected products available on the EU market – something that did not exist before. The CRA is a regulation from the European Union — formally Regulation (EU) 2024/2847 […]
This is a a developer focused guide in three parts to evolving code, architecture, and processes with the purpose of turning a raw concept into a usable product. This process is one of the hardest parts of software development. Teams often jump into implementation too early, or they build something polished before testing whether the […]
You must be logged in to post a comment.