Fair enough regarding the conversation happening here. There can definitely be positives to it. The reason I ask for email is that it’s hard to gauge peoples backgrounds (and the value of the information they provide) without a more intimate and in-depth conversation.
I generally agree with the impression you gave. When you say “IT … doesn’t think of the embedded systems”. Do they actually not think of them? Or is there just not much that they can do at the moment so there isn’t much effort put towards it?
Maybe there’s some other compensating strategy being used like very intense network segregation for embedded devices because of the current state of affairs?
It’s hard to know without digging into your your library, which I haven’t. Also, I’m not a lawyer so I won’t try to give you a legal opinion.
However, you should probably take this one seriously.
I recommend reading the book “Open Source for Business” by Heather Meeker if you are looking for background on open source licensing. It’s written in a way that’s really accessible to non-lawyers.
The core value added by Weaklayer is a new security data feed.
Currently, I think credential phishing detection is the most important thing that can be done with this data feed.
However, this data should be more widely applicable to threat hunting, incident response, compliance and other security activities.
The data is meant to provide visibility regarding what happens inside the web browser - something that I think a browser extension can do much better than an endpoint agent.
The term "Browser Detection and Response" is used because Weaklayer resembles Endpoint Detection and Response in architecture. The key difference being that instead of an endpoint agent, it uses a browser extension.
Having a presence in the web browser like this enables a novel source of security data.
This gives you new capabilities and allows you to implements new controls in your IT environment.
Since Weaklayer gives a new data source, it isn't a replacement for any tools you currently use in your security stack. It's meant to be used along with your existing IT security stack.
A great example of the new capabilities you get is credential phishing detection.
By monitoring user interaction with web pages, you can see when an employee enters their corporate password into a non-corporate website.
The video on the Weaklayer homepage demos this.
Any and all feedback is appreciated!
Send me an email if you prefer private communication or want a hand setting it up.
The other comment about a kit is a good suggestion. FPGA cloud instances are also an option.
Register Transfer Level (RTL) development generally has less pleasant tooling and a much longer feedback cycle than software development. So expect some friction there.
Also, for the algorithms part, you might have something in software that isn’t a great match to hardware and will need some re-architecting. Sorting is a good example of this. Check out “sorting networks” for a popular way of accomplishing sorting in hardware.
I did a master’s thesis on transitioning a graph inference algorithm into an FPGA implementation.
Send me an email if you have any specific questions.
“However, the S3 website endpoint is publicly available. Anyone who knows this endpoint can therefore also request your content while bypassing CloudFront. If both URLs are crawled by Google, you risk getting a penalty for duplicate content.”
I’m curious if anyone has experienced these issues in practice.
I generally agree with the impression you gave. When you say “IT … doesn’t think of the embedded systems”. Do they actually not think of them? Or is there just not much that they can do at the moment so there isn’t much effort put towards it?
Maybe there’s some other compensating strategy being used like very intense network segregation for embedded devices because of the current state of affairs?