undefined | Better HN

0 pointsnightpool4y ago0 comments

Self-hosted GitLab got a good callout yesterday from Microsoft, it appears to be a favorite of LAPSUS$: https://www.microsoft.com/security/blog/2022/03/22/dev-0537-...

Self-hosting always increases the operational burden of making sure your systems are secure. Maybe you have the engineering resources to spend on patching everything immediately and conducting in-house pen tests, but for most companies it's much, much more secure to let the software's developers host it as well.

0 comments

temp89644y ago

Not necessarily. Self-hosted services are protected by company firewall / VPN. They can setup very restrictive network access. They don't have the same level of risks as public services like GitHub or GitLab.

hhh4y ago

Establishing an entry point via VPN is Lapsus$ primary first step.

Melatonic4y ago

Except that the software developers hosting is also a much, much bigger target and you generally do not have any real control over how often they are patching either.

j / k navigate · click thread line to collapse