Compliance
Cloudflare has released its 2024 Transparency Reports with expanded content and a new format, influenced by the EU's Digital Services Act requirements. The reports are now divided into two sections covering Legal Requests for Information and Abuse Processes, featuring new data points and machine-readable formats. The company maintains its decade-long commitment to transparency while adapting to regulatory changes and service growth.
A proposal suggests open source projects could monetize by selling SBOM fragments containing accurate licensing information. The approach would eliminate redundant scanning efforts across companies and provide reliable data directly from project maintainers through sponsorship models.
New court documents reveal that Marko Elez, a 25-year-old DOGE employee, had limited write privileges to Treasury Department payment systems for one day due to an administrative error. Treasury implemented strict security measures around Elez's system access, contradicting previous reports about his administrative-level privileges. While Elez assisted in automating payment review processes, no unauthorized changes were made to Treasury systems during his brief employment.
A detailed exploration of Institutional Review Board (IRB) regulations reveals a complex web of federal, state, and institutional requirements for human subjects research, with rules extending far beyond medical studies to encompass even simple surveys and dietary experiments. The regulatory framework combines Common Rule requirements, FDA regulations, and state laws, creating an intricate system that affects researchers both within and outside traditional institutions.
Cloudflare announces the beta release of Automatic Audit Logs, a unified system that standardizes logging across products and expands coverage from 75% to 95% of services. The system automatically generates detailed records of user actions, authentication methods, and resource access patterns without manual intervention, while ensuring sensitive data protection through intelligent redaction.
OpenComply is an open-source security and compliance platform designed to simplify infrastructure monitoring and policy enforcement across multiple cloud services and tools. The platform offers universal visibility, automated compliance checks, and integration with various cloud providers while maintaining an engineer-friendly approach with git-managed policies and pipeline integration.