Corporate reporting on climate change risks is inadequate https://www.byteseu.com/897861/ #Climate #ClimateChange #Global #GlobalWarming #NatCAT #RiskManagement
#riskmanagement
1 post1 participant0 posts today
Replied in thread
@elementary tl;dr I support your objectives, and kudos on the goal, but I think you should monitor this new policy for unexpected negative outcomes. I take about 9k characters to explain why, but I’m not criticizing your intent.
While I am much more pragmatic about my stance on #aicoding this was previously a long-running issue of contention on the #StackExchange network that was never really effectively resolved outside of a few clearly egregious cases.
The triple-net is that when it comes to certain parts of software—think of the SCO copyright trials over header files from a few decades back—in many cases, obvious code will be, well…obvious. That “the simplest thing that could possibly work” was produced by an AI instead of a person is difficult to prove using existing tools, and false accusations of plagiarism have been a huge problem that has caused a number of people real #reputationalharm over the last couple of years.
That said, I don’t disagree with the stance that #vibecoding is not worth the pixels that it takes up on a screen. From a more pragmatic standpoint, though, it may be more useful to address the underlying principle that #plagiarism is unacceptable from a community standards or copyright perspective rather than making it a tool-specific policy issue.
I’m a firm believer that people have the right to run their community projects in whatever way best serves their community members. I’m only pointing out the pragmatic issues of setting forth a policy where the likelihood of false positives is quite high, and the level of pragmatic enforceability may be quite low. That is something that could lead to reputational harm to people and the project, or to community in-fighting down the road, when the real policy you’re promoting (as I understand it) is just a fundamental expectation of “original human contributions” to the project.
Because I work in #riskmanagement and #cybersecurity I see this a lot. This is an issue that comes up more often than you might think. Again, I fully support your objectives, but just wanted to offer an alternative viewpoint that your project might want to revisit down the road if the current policy doesn’t achieve the results that you’re hoping for.
In the meantime, I certainly wish you every possible success! You’re taking a #thoughtleadership stance on an important #AIgovernance policy issue that is important to society and to #FOSS right now. I think that’s terrific!
Oracle finally admits to a major data breach—after being sued for hiding it.
Just days after being hit with a class-action lawsuit for allegedly covering up a major data breach, Oracle has begun privately notifying some customers of a security incident that compromised login credentials—including data from as recently as 2024.
Key highlights:
・ Hacker accessed usernames, passkeys, and encrypted passwords
・
Extortion attempt reported
・
Lawsuit claims Oracle failed to notify victims within 60 days
・
Plaintiffs demand better security & transparency
Despite Oracle calling it an outdated system, the lawsuit points to risks that are very current. This is a critical moment for cloud providers to re-evaluate incident response protocols.
CSO Online · Oracle quietly admits data breach, days after lawsuit accused it of cover-up
A colleague warned me today:
"Please stop thinking too long-term and too sustainable - you are damaging the company!"
I haven't laughed this hard since the last system failure. 
The picture captures corporate risk management and feature delivery perfectly:
Short-term focus with TikTok attention span.
#CorporateLogic #RiskManagement #ShortTermThinking
#SustainableThinking #SystemFailure #DarkHumor
#TechSatire #StartupCulture #EfficiencyKills #LeadershipGoals
#AutomationAddict #LongTermDamage
The Cyber Resilience Act shifts cybersecurity responsibility to manufacturers, requiring them to secure products before they’re sold. What does that mean for businesses and consumers? Listen in as we break it down! 
youtu.be- YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
NEW on We 
Open Source
AI evaluation tools are a must for organizations deploying AI solutions. They provide real-time monitoring, risk assessment, and compliance tracking—ensuring AI remains ethical, secure, and effective.
John Willis explores why these tools are essential in modern AI governance. Read more: 
https://allthingsopen.org/articles/evaluation-tools-critical-operations-ai-solutions
openRiskScore is a #Python framework for risk scoring in both classic and federated/decentralized contexts.
The library aims to wrap popular machine learning frameworks as algorithmic backends and focuses on supporting high quality risk model development and maintenance.
Scoring tasks can be either pursued by a standalone entity (operating on its own data) or in #federation
(independent entities sharing some data sets).
The UK government just released a crucial report on open-source software best practices & supply chain risk management. Stay informed on securing OSS dependencies.
Read the full analysis here: https://www.gov.uk/government/publications/open-source-software-best-practice-supply-chain-risk-management/open-source-software-best-practices-and-supply-chain-risk-management
GOV.UKOpen source software best practices and supply chain risk management
A drastically different vision for the financial system is to encourage bankers to act as doctors and engineers, supporting thriving economies with sound #riskmanagement and #opensource transparency.
Starting with the management of so-called "bad credits".
openNPL implements the only existing public standard for loan-level data, a recommendation of the European Bank Authority
Abandoned S3 Buckets are a goldmine for hackers!
Last week, we shared new research revealing the alarming risks of abandoned S3 buckets. Now, cybersecurity experts @sherridavidoff and @MDurrin share more details on this new threat and provide advice on how to reduce your risk from this attack tactic that can expose you to supply chain compromises and remote code execution attacks.
Read our latest blog to learn how to protect your organization: https://www.lmgsecurity.com/abandoned-s3-buckets-a-goldmine-for-hackers/
LMG SecurityAbandoned S3 Buckets: A Goldmine for Hackers | LMG SecurityNew research revealed a chilling reality: abandoned S3 buckets are a new attack vector. Learn more about these attacks & how to reduce your organization's risk.
In #riskmanagement (and elsewhere) there is a range of phenomena that can be modeled as state transitions, a system switching from one defined state to another.
To help analyse observed data, transitionMatrix is a #Python #datascience library that enables the estimation and visualization of transition rates.
Your contribution can go a long way. Support the maintenance and further development of the Open Risk Manual and the Open Risk Academy as public and free to use resources
https://buy.stripe.com/fZe01M5QK2aY97q8ww
Or directly sponsor any of our software projects on Github:
https://www.openriskmanual.org/wiki/Main_Page
Open Source AI Models are a growing cybersecurity risk.
Organizations are increasingly using AI models from repositories like Hugging Face and TensorFlow Hub—but are they considering the hidden cybersecurity risks? Attackers are slipping malicious code into AI models, bypassing security checks, and exploiting vulnerabilities.
New research shows that bad actors are leveraging open-source AI models to introduce backdoors, execute arbitrary code, and even manipulate model outputs. If your team is developing AI solutions, now is the time to secure your AI supply chain by:
Vetting model sources rigorously Avoiding vulnerable data formats like Pickle Using safer alternatives like Safetensors Managing AI models like any other open-source dependency
As AI adoption skyrockets, you must proactively safeguard your models against supply chain threats. Check out the full article to learn more: https://www.darkreading.com/cyber-risk/open-source-ai-models-pose-risks-of-malicious-code-vulnerabilities
www.darkreading.comOpen Source AI Models: Big Risks for Malicious Code, VulnsCompanies pursing internal AI development using models from Hugging Face and other repositories need to focus on supply chain security and checking for vulnerabilities.
"Fixing your process won't get you out of a crisis. During a crisis, your goal should be to get out of it, not to fix your operation."
#RiskManagement hashtag#SoftwareEngineering
#python #algotrading #algorithm
#riskmanagement #backtesting
#crypto #btc #bitcoin
#stock #finance #fintech
#technology
Follow-Up:
Make Bitcoin Great Again
Turtle BTC Algorithmic Trading with Technical Analysis & Backtesting in Python
Unlock the Potential of Turtle Trading in the BTC-USD Market
By using several quant algorithms to backtest the performance of the strategy in the BTC market, this study evaluates the PoS of BTC-USD.
Published my 3rd blog post today! It's a book list about the politics of climate risk in urban environments and ways we should think about navigating them. Will use my Bookshop.org affiliate links to donate to the California Fire Foundation’s Wildfire & Disaster Relief Fund.
My main goal, though, is to spark discussion. Join my growing community! Would love more book recommendations or topics to cover.
Misaligned Markets · Book list - Rising Risks: Navigating the Modern Risk SocietyComplex risks, fueled by abstract and sometimes interrelated crises, are becoming a common feature of the modern world and our politics.
Greg Cocks Study Warns Of Glacial Outburst [GLOF] Risks From Hydropower Projects In The Himalayas, Caution Comes After Nod To Resume Testa III [Hydroelectric Project, India]
--
https://timesofindia.indiatimes.com/india/study-warns-of-glacial-outburst-risks-from-hydropower-projects-in-himalayas-caution-comes-after-nod-to-resume-teesta-iii/articleshow/117753719.cms <-- shared media article
--
https://doi.org/10.1126/science.ads2659 <-- shared paper
--
#GIS #spatial #mapping #spatialanalysis #GLOF #Sikkim #Himalayas #India #climatechange #flood #flooding #risk #hazard #hydroelectric #HEP #energy #TestaIII #testa #dam #failure #engineeringgeology #engineering #construction #multihazard #melting #glacier #glacial #climatechange #weather #lowpressuresystem #planning #glaciallakes #lakes #water #hydrology #naturaldisaster #Lhonak #downstream #elevation #steepness #slope #geometry #infrastructure #publicsafety #lateral #moraine #sedimentation #cost #economics #remotesensing #model #modeling #imagery #outburstflood #overtopping #hydropower #vulnerable #humanimpact #policy #riskmanagement #warning #rainfall #precipitation
Every day is an #InternationalEducationDay
at the Open Risk Academy. A range of free online resources spanning topics from #datascience
to #riskmanagement
and from #financialliteracy
to #sustainablefinance
Aiming to break down and make accessible technical concepts using #opensource
tools.
#python #algorithm #algotrading
#bitcoin #crypto #risk #riskmanagement #volatility #fintech #finance #testing 
Backtesting, Optimizing & Combining Multiple Algorithmic Trading Strategies Effectively: Bitcoin Use Case
Integrated Techniques to Prevent Overfitting & False Confidence in Technical Analysis Performance Evaluation