HackerTrans
TopNewTrendsCommentsPastAskShowJobs

caloique

no profile record

Submissions

Starbucks to open new stores every 3 days in India

qz.com
1 points·by caloique·hace 3 años·0 comments

[untitled]

1 points·by caloique·hace 3 años·0 comments

[untitled]

1 points·by caloique·hace 3 años·0 comments

US Gov. stresses audit logging importance in wake of Chinese APT intrusions

csoonline.com
4 points·by caloique·hace 3 años·0 comments

Decoding the Cybersecurity Vendor Ecosystem: 3231 companies

ventureinsecurity.net
1 points·by caloique·hace 3 años·0 comments

[untitled]

1 points·by caloique·hace 3 años·0 comments

Ask HN: What's the best HR platform/service to handle hirings in the U.S.?

1 points·by caloique·hace 3 años·0 comments

Show HN: Open-source – Add Audit Logs to your SaaS app

github.com
7 points·by caloique·hace 3 años·1 comments

Ask HN: Are you using open source solutions to secure your SDLC?

4 points·by caloique·hace 4 años·0 comments

Ask HN: Do developers care about security?

2 points·by caloique·hace 4 años·6 comments

Show HN: Enterprise-Ready SaaS Starter Kit

boxyhq.com
7 points·by caloique·hace 4 años·1 comments

Event: Security for Developers

sec4dev.io
1 points·by caloique·hace 4 años·1 comments

From DevOps to DevSecOps: Security is the top concern

about.gitlab.com
3 points·by caloique·hace 4 años·0 comments

[untitled]

1 points·by caloique·hace 4 años·0 comments

Developer-first Security sucks Is it essential to automate product security?

boxyhq.com
5 points·by caloique·hace 4 años·0 comments

[untitled]

1 points·by caloique·hace 4 años·0 comments

[untitled]

1 points·by caloique·hace 4 años·0 comments

[untitled]

1 points·by caloique·hace 4 años·0 comments

comments

caloique
·hace 3 años·discuss
Co-founder of BoxyHQ here - We've crafted an open-source enterprise SSO because we firmly believe that robust security shouldn't be a privilege limited to large organizations. Ideally, essential enterprise-level features like this should become commonplace for all.

While we acknowledge the reasons behind SSO being in the enterprise tier, we're all on a collective journey to enhance our security measures. Open Core models are indeed a good option (my preference), yet the dynamics vary across solutions and industries. It's up to each of us to explore, experiment, and discover what resonates with our market. In doing so, we can foster growth while maintaining our commitment to supporting the community in the long run.
caloique
·hace 3 años·discuss
Supertokens also allows you to implement enterprise SSO through their integration to SAML Jackson (by BoxyHQ).

https://boxyhq.com/guides/jackson/integrations/supertokens
caloique
·hace 3 años·discuss
Reading this blog post made me think if there are other options for open source companies to generate revenue.

Besides Donations, Support, Licensing, Cloud-hosted Services or the Open-core model.

Any ideas/suggestions? And which one would you recommend (ideally based on experience)?
caloique
·hace 3 años·discuss
1) The richest man in Babylon 2) The four agreement 3) Secrets of the Millionaire Mind
caloique
·hace 3 años·discuss
Hey everyone, Retraced is an audit logs OSS product, that was initially built by Replicated and it has been enhanced by BoxyHQ.

With it you can now give your users the superpower to track every critical event within your product, and get full visibility over their account’s activities on your app. You will also allow them to send security-related events to their SIEM. It would be great to get your feedback.

Key features: - Compliant audit logs for your product - Record user and system activities - Admin UI to view logs. Also embed the viewer anywhere in your product - Export events to CSV or security systems like your favourite SIEM - Cryptographically guaranteed immutability of logs with a verifiable digest
caloique
·hace 3 años·discuss
Plus one! I was recommended the book "The Hidden Life of Trees". Did anyone read it? Any related articles, please share :)
caloique
·hace 4 años·discuss
Thanks for the insights, have you seen any good practice (tips) on how 'security mechanisms for development' could actually help security teams and developers work smoothly? Instead of being the reason for conflict.
caloique
·hace 4 años·discuss
Interesting point, and why do you think is that?
caloique
·hace 4 años·discuss
Pricing is one aspect, but OSS solutions bring community and a level of transparency that most closed source companies don't.
caloique
·hace 4 años·discuss
Sounds like BoxyHQ could be relevant here. Plug-n-play for developers that need to build enterprise features like SSO, audit logs, directory sync, privacy vault and other boring stuff that are required to be compliant.

100% free & self-hosted. It's Open source (Apache-2.0 license) [I am one of the co-founders, sorry for the plug]
caloique
·hace 4 años·discuss
Found it here: https://www.chatwoot.com/pricing

@pranav_rajs I couldn't see some enterprise-grade features like audit logs or privacy vault. Would love to help for free. Open source & plug-n-play: www.boxyhq.com
caloique
·hace 4 años·discuss
Enterprise-ready SaaS Starter Kit is a Next.js based SaaS Starter Kit that can save hundreds of development hours while building enterprise SaaS apps.

Even though there are many similar projects out there, focusing on the enterprise readiness aspect could help developers save some time. It still is in an early stage of development, that's why feedback would be great!

Github: https://github.com/boxyhq/saas-starter-kit
caloique
·hace 4 años·discuss
Agree, I think it is impossible not to compare with others. I don't think you always have to "walk back from it", sometimes is good to achieve your goals, the challenge is doing it in a healthy way.
caloique
·hace 4 años·discuss
Fair point, but going through the comments, I'm not trying to sell anything. One is reframing the suggested question and sharing a consolidated list of resources. The other two are on a free tool (not suggested before) to solve the problem stated, so the aim was to expand the options. But point taken ;)
caloique
·hace 4 años·discuss
This is counterintuitive because the more productive your development team is the more security holes they will leave behind. The thing is how to keep the productivity while increasing the security.

Here is a list of OSS developer security tools: https://github.com/boxyhq/awesome-oss-devsec
caloique
·hace 4 años·discuss
https://github.com/boxyhq :)
caloique
·hace 4 años·discuss
Not necessarily, there are actually 3 options: Buy vs Build vs Use OSS :) > https://github.com/boxyhq/jackson
caloique
·hace 4 años·discuss
Curious to hear more about other alternatives to building it internally, lately I've heard a few people claiming that they built it in 1 - 2 days. Still don't know how.

There are good open source solutions that let you plug and play these enterprise features (I am biased here). But instead of thinking about the problems with implementing Single Sign-On, I think we should focus on a bigger problem: How can we make security accessible and simple for developers? I am not saying don't charge for SSO, I know it helps startups be sustainable, but here is where I truly believe that open source is one of the key answers.
caloique
·hace 4 años·discuss
Indeed, people forget about the cost and pain of supporting these things. For full disclosure, I am a co-founder @BoxyHQ, an open source devtools startup providing free enterprise SSO (called SAML Jackson), directory sync (beta - feedback is welcome), audit logs and so on.

Pricing is tricky, and as you said, people complain a lot. Since this is because we all have different points of view, we will never agree. But there are some things that most of us should agree, like the fact that we need to raise the security standards. Then the question is what we can do as a community - besides trying to avoid being on the sso.tax list.
caloique
·hace 4 años·discuss
Do you know other relevant events for Developer-first Security?