ISO 27001 Annex A and Email Security: A Simple Gap Analysis Guide
Your ISMS is certified. Your Statement of Applicability covers the controls. Your auditor arrives and runs a DNS lookup on your domain. dig _dmarc.you…
The NIS2 directive became enforceable in EU member states in October 2024. It applies to roughly 160,000 organizations across Europe — significantly b…
When most people think about UK data sources to scrape, they go straight to Companies House. And they should — it's an excellent dataset. But there's …
You just watched a $32 million YC startup implode because they faked SOC 2 evidence for 494 companies. The Delve scandal, broken by Captain Compliance…
TL;DR: We built our first generation of compliance tooling on top of one of the big three cloud AI platforms. We fed it our screening data, our edge c…
Everyone talks about software EOL. Nobody talks about hardware EOSL. End-of-Support-Life (EOSL) hardware creates exactly the same security exposure as…
Most developers know about EOL software the way they know about eating vegetables. Sure, you should stay current. But the real reason to act isn't hyg…
Most compliance failures are not discovered in production. They're discovered in audit prep — when someone finally looks at what's actually running. S…
FQHCs run on a four-rulebook compliance regime — HIPAA, HRSA OSV, FTCA deeming, OSHA. The mistake we see most often is treating them as four separate …
I’ve been responsible for maintaining a Class II product’s QMS during one of the messiest migrations I’ve seen: an 18‑month parallel run where the old…
Most organizations have a breach response plan somewhere. It is probably a PDF, it is probably from 2022, and it has probably never been tested. That i…
Sanctions screening looks simple from the outside. Take a name, compare it against a list, return a score above a threshold, send it to review. That w…
Most financial institutions have good AI. Very few have good AI governance. There's a practical gap right now between what regulators are signaling (O…
Most KYB pipelines I've seen treat the UK registry like a monthly snapshot. Aggregators such as OpenCorporates ingest the Companies House bulk feed on…
langchain has an open github issue (35357) requesting structured compliance audit logging for eu ai act article 12. the issue is still open. framework…
modulos shipped the cleanest breakdown of the omnibus deal i've seen. it's worth reading once, then closing the tab and shipping the engineering anywa…
may 7 2026 - the eu council and parliament agreed to move high-risk obligations under annex iii from aug 2 2026 to dec 2 2027. annex i (ai embedded in…
On Monday, NIST's Center for AI Standards and Innovation launched the AI Agent Standards Initiative — a coordinated federal effort to develop security…
What the FTC actually said in October 2024: In August 2024 the Federal Trade Commission finalized 16 CFR Part 465 — the Consumer Reviews and Testimonia…
TL;DR — If your AI agent audit log only signs the intent (tool name + args), you're shipping demo-ware. Real audit needs 5 things most projects skip: …