Dag Flachet

Securing digital products under the Cyber Resilience Act - Help Net Security The Cyber Resilience Act sets minimum security standards for digital products, differing from GDPR in its regulatory approach.

How does the impact of CRA compare with GDPR?
www.helpnetsecurity.com/2025/04/18/d...

For the first time in my career I will be speaking at the main Global Appsec Conference.

If you are interested in appsec, or you are just a really good friend and want to support me, you are more than welcome to attend!

The main talk is on Thursday 29th of May at 3:30PM at CCIB Barcelona.

Information Security and Cybersecurity: Understanding the Layers Understanding the differences between information security and cybersecurity. Explore the layers of security across the organization.

A layered perspective to security programs. What is the right level for you? codific.com/information-...

CODIFIC on LinkedIn: SAMMY 2024 Wrapped 🎉 SAMMY 2024 Wrapped 2024 was a year of remarkable growth and innovation for SAMMY. Here is what we achieved: Thank you to all of our users and…

If the Gif isn't giving it for you, you can check it out here: www.linkedin.com/posts/codifi...

In 2024 we finally had the impression we moved the meter, at least a tiny bit, in helping to build a simple and safe digital future. The road is long and the steps are small. Let's take more baby steps in 2025 and mature the world appsec defences.

OWASP SAMM on LinkedIn: Supporters 🎉 We're thrilled to announce CODIFIC as OWASP SAMM's first Gold supporter! Their incredible contributions over the past year have helped transform key…

At Codific we invest a lot of effort in different OWASP projects, and OWASP SAMM is our favorite. We do this for "free" but we get a lot in return. Recognition is one thing, but more important is a seat at the table designing the simple and safe digital future. www.linkedin.com/posts/owasp-...

See you there! Or here, I live here :). Welcome to bcn Owasps!

What is NIST 800-53? A comprehensive guide Learn what NIST 800-53 is, its structure, advantages, and how to implement it effectively to manage risks and enhance cybersecurity.

There are more than 1000 controls in NIST 800-53, so how do you find your way? codific.com/what-is-nist...

HIPAA: An Implementation Guide Explore key steps for implementing HIPAA compliance, ensuring patient privacy and enhancing data security in healthcare.

Need to comply with HIPAA? My colleague Mahe just published a guide. codific.com/hipaa-an-imp...

A Guide on How to Get Hacked Unlock the comically disastrous world of cyber-insecurity with our satirical guide on how to get hacked! Disclaimer: THIS BLOG IS SATIRICAL.

FOMO? Dying to get hacked like everyone else you know. We got your back! codific.com/how-to-get-h...

AppSec and Chess: Two different worlds with remarkable parallels Learn about application security (AppSec) by learning about some of its many parallels with the beautiful game of chess.

Chess is still the king of all games, convince me otherwise! codific.com/appsec-and-c...

Bridging Compliance Standards: Harnessing SAMMY and OpenCRE Discover how bridging compliance standards can help organizations navigate the complex landscape of AppSec and improve overall security.

OWASP, NIST, ISO, so many standards and frameworks. If only your assessment in one could map to the next. Well, it turns out it can, kinda. codific.com/bridging-com...

Google calendar now has dark mode. But, I really don't care, and I don't get the fuss. All apps are boasting dark mode now as if it is something super high tech. Bro, I had dark mode on my MS-Dos pc.

Comparing NIST SSDF and OWASP SAMM: A Comprehensive Analysis Comparing NIST SSDF and OWASP SAMM: Which is the best framework for your application security program? Find out in our latest blog post.

NIST SSDF or OWASP SAMM which one to pick as the backbone of your application security program? And you really have to pick? codific.com/comparing-ni...

a group of people standing in front of a sign that says shh they don t know that ALT: a group of people standing in front of a sign that says shh they don t know that

Black Friday special: OWASP SAMM is now free to use. Wait.. aren't all OWASP resources free? ...shhhh!

h, plack's constant

Reporting with OWASP SAMM Reporting with OWASP SAMM. How to adequately collect, aggregate and report data across large organizations.

Ik heb de talk niet gehoord, maar ik denk best wel dat er heel wat CISOs daar hard over nagedacht hebben. Dat is mede de reden waarom OWASP SAMM bestaat. codific.com/reporting-wi...

Happy thanksgiving, and a special thank you to anyone who contributes to an open source project!

Codific Videolab YouTube video by Codific

Doctors and nurses have always been there for us. From the first to the last breath, they are there when it really matters. So it is nice when we, the nerdy computer people, can do something back for them. youtu.be/k6oClwzUa9k?...

Molt be!

How to carry out interviews for OWASP SAMM Assessments? YouTube video by Codific

So what does a OWASP SAMM interview look like? Who do you interview? What does the interview look like? How many people should you interview? How can you get started? www.youtube.com/watch?v=3Btv...

Excited! Working on it!

Reporting with OWASP SAMM Reporting with OWASP SAMM. How to adequately collect, aggregate and report data across large organizations.

Using OWASP SAMM allows you to communicate internally in a nuanced way about the security state and security roadmap of each team, project or business unit. codific.com/reporting-wi... #appsec #owasp #infosec

BSIMM vs SAMM: Which model is better? Discover the differences between BSIMM vs SAMM, two leading frameworks for building effective application security programs.

As a company you can keep track of all your appsec processes with BSIMM or SAMM. But which one should you pick? codific.com/bsimm-vs-samm/

Ik was mij niet bewust van een beperking. Ik ben Vlaming, close enough? Maar ik post eigenlijk altijd in het Engels, dat is inclusiever, alle Nederlandstaligen kunnen wel Engels.

Super bedankt! De Engelse lijst mag ook aub! Bedankt voor het initiatief te nemen.

Dag @jilles.com zou je mij kunnen toevoegen aan de lijst? Ik post vooral over OWASP en appsec.

How to implement FISMA Implementing FISMA made easy: Follow our practical guidelines to achieve information security and compliance for government data.

Unpopular opinion: some regulations are good. Trump claims he will try to do away with a lot of regulation. But some regulation is actually actionable and effective. Case in point FISMA. Government and government contractors should be held to high security standards.
codific.com/how-to-imple...

SAMM Assessment: Everything you need to know from industry experts YouTube video by Codific

Here is a deep dive by OWASP SAMM experts on the practical aspects of SAMM assessments. With
@aramh.bsky.social Maxim Baele, Brian Glas and Rob van de Veer. What a dream team :) youtu.be/Zg-HN17D3O8?...

OWASP SAMM Benchmark Data Update View the latest OWASP SAMM Benchmark data including our in-depth analysis and interpretation of the results.

So how is the other guy doing? Are you top off class? Find out in the OWASP SAMM benchmark. codific.com/owasp-samm-b...