
intel: devsecops/compliance social updates 2026-03-25#6

Open
kamalsrini wants to merge 1 commit into main from intel/devsecops-compliance-social-2026-03-25

@kamalsrini

Contributor

Automated skill updates from social intelligence scan (2026-03-25).

Findings Applied

  • H&R Block TLS Backdoor (HN #47457162, 149pts) — embedded wildcard root CA private key in DLL

Skills Updated

  • devsecops/secrets-management — embedded binary private key pattern (CWE-321)
  • appsec/secure-code-review — CWE-321/CWE-312 checklist items for CA/cert material
  • compliance/pci-dss-review — trusted-root manipulation case study (Req 4.2, 12.3)

Source

socialsecurityplan.md — 2026-03-25
HN: https://news.ycombinator.com/item?id=47457162

⚠️ Human review required before merge.

…26-03-25

- secrets-management: add embedded binary private key / root CA pattern (CWE-321)
- secure-code-review: add CWE-321/CWE-312 checklist items for CA/cert material
- pci-dss-review: add trusted-root manipulation case study under Req 4.2/12.3

Source: HN 47457162 — H&R Block TLS backdoor (embedded wildcard root CA in DLL)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>