HackerTrans
TopNewTrendsCommentsPastAskShowJobs

gearnode

no profile record

Submissions

How to set up PostHog: GDPR, CCPA, and global privacy laws

probo.com
3 points·by gearnode·2 maanden geleden·0 comments

What Is a Risk in Compliance?

probo.com
1 points·by gearnode·2 maanden geleden·0 comments

Are you allowed to put that SoC 2 logo on your website?

getprobo.com
2 points·by gearnode·2 maanden geleden·0 comments

Do you need a SoC 2 report?

getprobo.com
2 points·by gearnode·3 maanden geleden·1 comments

Stripe Won't Save You from Bad Access Control

getprobo.com
1 points·by gearnode·3 maanden geleden·0 comments

Potion: Turn your PR review history into Claude Code skills

github.com
3 points·by gearnode·4 maanden geleden·0 comments

Google Workspace Default Settings Are Insecure

getprobo.com
1 points·by gearnode·4 maanden geleden·0 comments

An Open Letter to Aicpa and ISO Accreditation Bodies

getprobo.com
3 points·by gearnode·4 maanden geleden·2 comments

Color-Coded Windows for Git Worktrees on MacOS

github.com
5 points·by gearnode·4 maanden geleden·0 comments

Lightpanda migrate DOM implementation to Zig

lightpanda.io
199 points·by gearnode·6 maanden geleden·143 comments

Improper HMAC Signature Verification in auth0/node-jws

github.com
1 points·by gearnode·7 maanden geleden·0 comments

Mcpgen is a code generator for MCP servers in Go

github.com
2 points·by gearnode·7 maanden geleden·0 comments

The Silent Leak: How One Line of Go Drained Memory Across Goroutines

medium.com
3 points·by gearnode·7 maanden geleden·0 comments

Building Effective Agents

simonwillison.net
1 points·by gearnode·8 maanden geleden·0 comments

Show HN: Granola API Reverse Engineering

github.com
1 points·by gearnode·8 maanden geleden·0 comments

comments

gearnode
·4 maanden geleden·discuss
The division of labor between implementation, documentation, and sign-off isn't the bug. It's the design. Independence between those layers is how you get credible assurance (in theory).

The bug is when nobody actually verifies. The audit firm holds the mandate to look at the full picture. When they sign without doing that, independence becomes a gap. And right now, the bodies supervising those firms aren't enforcing anything when that happens.