> The incident also prompted LiteLLM to make changes to its compliance processes, including shifting from controversial startup Delve to Vanta for compliance certifications.
This is pretty funny.
The leaked excel sheet with customers of Delve is basically a shortlist of targets for hackers to try now. Not that they necessarily have bad security, but you can play the odds
This is a good reminder that any tool handling sensitive data — even internal ones — needs to be transparent about where data goes. The assumption that SaaS tools protect your data is getting harder to defend.
> The incident also prompted LiteLLM to make changes to its compliance processes, including shifting from controversial startup Delve to Vanta for compliance certifications.
This is pretty funny.
The leaked excel sheet with customers of Delve is basically a shortlist of targets for hackers to try now. Not that they necessarily have bad security, but you can play the odds
This is a good reminder that any tool handling sensitive data — even internal ones — needs to be transparent about where data goes. The assumption that SaaS tools protect your data is getting harder to defend.
Another day another reminder to use a sandbox for software development as a defense-in-depth measure
https://github.com/ashishb/amazing-sandbox
Docker is not a strong security boundary and shouldn't be used to sandbox like this
https://cloud.google.com/blog/products/gcp/exploring-contain...
Compared to what? Which one is superior?
Running npm on your dev machine? Or running npm inside Docker?
I would always prefer the latter but would love to know what your approach to security is that's better than running npm inside Docker.
Read this: https://kayssel.substack.com/p/docker-escape-breaking-out-of...