WCAG 3.0’s Proposed Scoring Model: A Shift in Accessibility Evaluation, by @smashingmag:
How Accessibility Audits Are Shaping the Future of User-Centered Design, by @uxmatters.bsky.social:
‘It’s a Heist’: Real Federal Auditors Are Horrified by DOGE
WIRED talked to actual federal auditors about how #government auditing works—and how DOGE is doing the opposite.
https://www.wired.com/story/federal-auditors-doge-elon-musk/
"federal #auditors with years of #experience... say that DOGE’s actions are the furthest thing from what an actual #audit looks like...
“Honestly, comparing real #auditing to what #DOGE is doing, there’s no comparison... None of them are auditors”
Lately I got some new followers, so let me introduce myself again: Dutch citizen interested in Unix, #Linux and #infosec, in particular the combination. Was the original author of rkhunter, a #malware detector, nowadays doing primarily #Lynis development, an #auditing tool that is #FOSS. I share my knowledge as much as possible, as I believe this will benefit us all. My primary channel is my #blog (see bio) and with a copy to here.
Got questions? Happy to answer them.
Curious... we've covered a number of things on the IC_Null streams so far, is there anything people are curious about in particular? I'm streaming tonight after about a month of not doing so and I'm not quite set on a topic yet :)
If this is new to you, I stream #programming, #cybersecurity, #tech etc. stuff from the perspective of a fully #blind practitioner of such things. No monitors here, just #screenReader and keyboard.
So, what do I do? #TryHackMe? #HTB Academy? Something else entirely like working with #audio? Some kind of #auditing demo? Have a website/tool for me to roast/review? Requests welcome :)
#a11y #accessibility #selfPromo #infoSec #AMA
Enhance your accounting and auditing processes with AI-powered solutions from Osiz. Our advanced technology streamlines data analysis, improves accuracy, and reduces time-consuming tasks, enabling your business to focus on strategic growth.
Visit: https://www.osiztechnologies.com/blog/ai-in-accounting-and-auditing
Enhance your financial operations with #AI in accounting and auditing! Osiz leverages cutting-edge AI technology to boost accuracy and efficiency, transforming traditional processes. Experience real-time data analysis, automated error detection, and streamlined reporting. Trust #Osiz to elevate your financial management to the next level.
Visit: https://www.osiztechnologies.com/blog/ai-in-accounting-and-auditing
Any IT auditors out there? Specifically those who audit security systems/programs. I've got a few questions for ya!
- What are some things that made you successful in your role?
- Are there any technical skills that are critical for your success?
- Any common challenges you face in your role?
- Do you have any advice for anyone trying to make a transition into auditing?
- Recommended readings?
"Trump Media’s Auditing Firm Charged With ‘Massive Fraud’ By SEC"
by James Farrell for @Forbes
#auditing #trump #investing
JaVers Auditing : A primer on Auditing Functionality
One of the weirdest aspects of #EndStageCapitalism is the collapse of #auditing, the lynchpin of investing. Auditors - independent professionals who sign off on a company's finances - are the only way that investors can be sure they're not handing their money over to failing businesses run by crooks.
--
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2024/01/26/noclar-war/#millionaire-on-billionaire-violence
1/
Conservatives may deride the #RealityBasedCommunity as a drag on progress and commercial expansion, but even the most noxious pump-and-dump capitalism is supposed to remain tethered to reality by two unbreakable fetters: #auditing and #insurance:
https://en.wikipedia.org/wiki/Reality-based_community
--
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2023/11/28/re-re-reinsurance/#useless-price-signals
1/
Well there's a name I haven't heard in a while! #auditing
Europe enters patchy road to audit online platforms’ algorithms https://www.euractiv.com/section/platforms/news/europe-enters-patchy-road-to-audit-online-platforms-algorithms/?utm_source=dlvr.it&utm_medium=mastodon #algorithmaudits #Auditing #DigitalServicesActDSA
@mattblaze @tom @pluralistic you'd be surprised how vital such a role is to keep #accounting #fraud in check with external #auditing and/or criminal investigations...
Doesn't sound interesting at first but it's basically the white-collar equivalent to a coroner...
A common misconception when working with #auditing of #authorization systems is that "deny" events would be particularly interesting. Even to the extent that I've seen some people suggest purging "allow" decisions as noise. But while frequent deny decisions should be investigated, they are mainly a result of the system working as intended. When you have allowed users/actions that *shouldn't* have been allowed, is when you have real problems. Store everything!
I'm seeing the Pre-Auth RCE in Aspera Faspex article making the rounds, which gives some tips on how to spot vulnerable deserialization code in Ruby, such as YAML.load. As a Rubyist and security enthusiast, I need to point out that as of Ruby 3.1.0 and psych-4.0.0 YAML.load is now an alias to YAML.safe_load which will only deserialize core primitive classes (ex: Integer, Float, String, Array, Hash, etc).
require 'yaml'
YAML.load(YAML.dump(Object.new))
# /usr/share/gems/gems/psych 4.0.4/lib/psych/class_loader.rb:99:in `find': Tried to load unspecified class: Object (Psych::DisallowedClass)
YAML.unsafe_load(YAML.dump(Object.new))
# => #<Object:0x00007f7f37770750>
Simply grepping for YAML.load will not make it rain 0days, unless the code/app is running on Ruby < 3.1.0 or psych < 4.0.0.
#ruby #security #infosec #rails #rubyonrails #bugbountytips #auditing