What if the BEAM got hit by a worm? 🪱 We’ve been lucky so far — but luck runs out. The Ægis Initiative is how we defend our ecosystem. 👉 Read more & support: erlef.org/blog/eef/bea... #Erlang #Elixirlag #Gleam

One package. One update. A worm crawling through the BEAM ecosystem. A dark “what if” — and how we can stop it before it’s real. erlef.org/blog/securit... #erlang #elixirlang

There‘s still a bit to go to making this happen. Rebar is an important piece to using erlang not just for erlang, but just as much for elixir, gleam, … Consider backing this effort.

@maennchen.dev has just released the first version of Clarity: hexdocs.pm/clarity/Clar... Clarity is an interactive introspection and visualization tool for Elixir projects.

Cool!!! @maennchen.dev introduces Clarity! @ash-hq.org #elixirlang

The first part of the last afternoon gave us insights on how to handle a security disaster, converting from old code to new and our host @lawik.bsky.social showed us thousands of VMs running on the same machine. #goatmire #elixir

Proud to back the Rebar4 Kickstarter — moving the BEAM ecosystem forward with the community. 🙌

Hey folks, we have a CVE for #AshFramework. `before_transaction` hooks will execute in certain scenarios (bulk action calls) even if the action is forbidden by policies. Please update Ash core to 3.5.39. For more see: github.com/ash-project/... #AshFramework #ElixirLang

Stretch goal 2 (inclusion in Erlang/OTP itself) would solve the #1 thing people get stuck on when trying to get started with Gleam or Erlang! www.kickstarter.com/projects/pee...

I just backed From Rebar3 to Rebar4: Integrating with Erlang/OTP on @kickstarter.com www.kickstarter.com/projects/pee... #elixir

Community growth needs collective action Roadmap for outreach and engagement ‪@danj3.bsky.social‬ on taking responsibility for Elixir's future through community championship. #ElixirConfUS

Security incident response: from panic to patch CVEs, Hex retirement, vulnerability scanners ‪@maennchen.dev‬shows how to handle security disasters with transparency and leadership.

Had a great chat with @zachdaniel.dev and @maennchen.dev during a break at @elixirconf.bsky.social about the Erlang Ecosystem Foundation and its role in security. #elixirlang

🚀 6 must-see talks at CodeBEAM Europe 2025: Gleam careers, workflow orchestration, VPP with Elixir, security disasters, BEAM+Rust combo, and taming 20M Oban jobs! Featuring @ihh.dev @maennchen.dev codebeameurope.com#register

👉🏽 "From Freakout to Fix: Navigating a Security Disaster" Our Foundation's CISO - @maennchen.dev - will be speaking at @elixirconf.bsky.social on how to handle serious security holes — without melting down. 📢 Don’t miss it: elixirconf.com/talks/from-f... #ElixirLang #Security #BEAM

🎙️ @maennchen.dev joins the latest @openssf.org podcast! In this SOSS episode, he shares how the Erlang community is proactively addressing security concerns, why manufacturers are investing in upstream projects — and what other ecosystems can learn from their approach. Listen! shorturl.at/iKdG7

🎉 Today we celebrate #OpenSSFCommunity Day NA 2025, welcoming six new member organizations and honoring incredible contributors with the Golden Egg Awards 🥚. Read the full update: 🌐 openssf.org/blog/2025/06... #OpenSSF #OpenSource #SoftwareSecurity #OSS

🙌 Welcome to another #GettingToKnowUs edition! This time we got to meet @maennchen.dev a seasoned developer and lead engineer, with contributions to projects like the certified #OpenID Connect client for the #BEAM. He is currently the CISO of our Foundation. 🔗 erlef.org/blog/marketi...

Watch out folks, there's a CVE for the Erlang zip module. Update to the latest patch release when you can cna.erlef.org/cves/cve-202...

In part two of our talk with @maennchen.dev (CISO at @theerlef.bsky.social), we dive into the real security challenges BEAM developers face. From CVE tracking to practical tips for open source teams, this is about building safer systems from the start, not patching them too late. 🎥 bit.ly/45WjT3y

Security is most effective when it is built in from day one. In part one of our latest webinars with @maennchen.dev, CISO @theerlef.bsky.social, he shares his experience using SAFE, our security audit service for Erlang and Elixir systems. 🔒

Elixir 1.19 is a banger! Honestly I'm so pleased with the direction that #ElixirLang is going. My programs just get faster and more correct every time. I just know that we're in good hands. Thank you to everyone on the team for your hard work! github.com/elixir-lang/...

🔐Security and the BEAM Ecosystem In this insightful session organized by @erlangsolutions.bsky.social, @maennchen.dev — CISO at our Foundation —shares how the BEAM community is stepping up its open source security efforts, including becoming an official CNA www.erlang-solutions.com/webinars/sec...

Did the required work this morning to get #AshFramework passing the OpenSSF Best Practices certification, and to get our OpenSSF Scorecard. Thanks again to @maennchen.dev from @theerlef.bsky.social for his expert council and advice. See the scorecard here: scorecard.dev/viewer/?uri=... #ElixirLang

🎥 What’s new at the EEF? Alistair Woodman, @maennchen.dev & Dan Janowski share big updates: 🔐 We’ve joined the CVE® Program as an official CNA 🛡️ Launched the Ægis Initiative to boost security Must-watch for the BEAM community! ▶ youtu.be/5WqMpSt_rRE

Not an Ash talk. Not an Igniter talk. Is easy to couple Zach Daniel to his massive efforts in the Ash framework but ever since I met him the phrase "Elixir ride or die" live rent-free in my head. I must not say much about the talk itself. You need to see it. goatmire.com/speaker/zach... #elixirlang

Serious monday for a serious topic. Navigating security problems doesn't have to be all dread and cold sweat. Jonatan Männchen is the CISO of the Erlang Ecosystem Foundation. He will take you on the journey in his talk to get you ready. goatmire.com/speaker/jona... #elixirlang

✨Thanks to everyone who joined our talk at @elixirconf.bsky.social! We loved sharing everything we’ve been working on — from the Foundation to the community. Big shoutout to all the amazing speakers for the inspiring lightning talks, and to everyone who made this event so special! #Elixirlang

#ElixirLang ❤️ @theerlef.bsky.social I firmly believe the EEF will play an ever increasing role in the success of the Elixir ecosystem, and I intend to do my part to support them in this effort. Our community is growing and the need for coordination on things that impact us all grows alongside it. 👇

The EEF board 2025 Election Vote is over! 🗳 Cohort C contains the following new three members: @lawik.bsky.social, Lee Barney, @zachdaniel.dev 👏 We’re thankful for everyone who decided to get involved by running, and those who made their voices heard by voting. erlef.org/blog/eef/ele...

Erlang Ecosystem Foundation is now a CVE Numbering Authority (CNA) assigning CVE IDs for vulnerabilities in active packages on Hex.pm + projects on GitHub under elixir-lang, erlang, erlef-cna, erlef, gleam-lang, & hexpm, unless covered by the scope of another CNA cve.org/Media/News/i...

🚨We’ve officially joined the CVE® Program as an authorized CVE Numbering Authority! 🔐 This means we can now assign CVE IDs to publicly disclosed cybersecurity vulnerabilities in our defined scope, helping improve security and transparency in the broader open-source community shorturl.at/0bOxC

📢 New API Key strategy for @ash-hq.org merged 🎉. github.com/team-alembic... Massive shoutout (once again) to @maennchen.dev at @theerlef.bsky.social for his invaluable guidance on implementing this securely. #AshFramework #ElixirLang

💫Just released: a GitHub Action to submit Elixir/Mix dependencies via GitHub's Dependency Submission API. ✅ Perfect for unlocking security alerts, dependency graphs, and Dependabot Security updates! Check it out: github.com/erlef/mix-de... #Elixirlang

📢Why did we launch the Ægis Initiative? Because we believe a safer BEAM ecosystem benefits us all 🔒Elevate ecosystem-wide security ✅Streamline compliance readiness 🤝Foster trust and transparency 🌍Democratize access to advanced security 🚀Enable secure publishing workflows security.erlef.org/aegis/

BREAKING. From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.

Hey folks, we have a minor CVE issued for AshAuthentication. Please read the CVE and update accordingly. Relatively low severity, can't compromise a users data, but there is an opportunity for a user to be "confirmed" for an email they do not have access to. github.com/team-alembic...

🔐 Big news from the #Gleam community! The EEF Security Working Group helped @gleam.run include Build SBoMs and SLSA build provenance for all release artifacts and Docker images. This means greater visibility into dependencies and stronger software supply chain security💪 github.com/gleam-lang/g...

💜Join the Erlang Ecosystem Foundation! 🙌 Be part of a global community! Whether you're looking to connect, contribute, or stay informed, there’s a membership level for you! 👉Learn more: members.erlef.org/join-us #Erlang #Elixirlang #Gleam

👉Why join the @erlangworkshop.bsky.social? A while ago, we talked with Kiko Fernández Reyes from the program committee. If you work in industry, are an academic, or want to participate, listen to why this event matters! 💥 youtu.be/lSm8-jA-gsM?... #Erlang #MyElixirStatus #Gleam

🔒Big news! The EEF Security WG has launched the Supply Chain Security & Compliance Initiative! This initiative is focused on enhancing security and compliance across the BEAM ecosystem. All work is guided and reviewed by the WG and the EEF CISO security.erlef.org/aegis/ #Erlang #Elixirlang #Gleam

🎧Alistair and @maennchen.dev joined the @thinkingelixir.com Podcast to dive into supply-chain security, SBoMs, and Jonatan’s role as the Foundation’s Chief Information Security Officer. What does this mean for the community? youtu.be/jYkV9n4WW-Y?... #WeBeamTogether #Elixirlang

News includes phoenix_sync for real-time Postgres sync, a new Text Parser library, plus our interview with the EEF's CISO about supply-chain security, SBoMs, and what this means for the Elixir community, and much more! #ElixirLang www.youtube.com/watch?v=jYkV...

@zachdaniel.dev showing us Igniter — composable code generators that are additive and not based on opting out of the kitchen sink #elixirlang

🔒 The Elixir project is now OpenChain (ISO/IEC 5230) certified, meeting global standards for open source license compliance! This was done in collaboration with the EEF, reinforcing our commitment to secure and compliant open source development. More details 👉 shorturl.at/UlYgZ #Elixirlang

Elixir now meets OpenChain (ISO/IEC 5230) standards! This milestone strengthens our commitment to open source license compliance and secure development. Get the full story and see what it means for contributors and users alike: elixir-lang.org/blog/2025/02...

De retour du #38c3 Un moment toujours aussi unique et incroyable

We know where your #Volkswagen car is... Scary but also fascinating talk how they got and analyzed TBs of location data. media.ccc.de/v/38c3-wir-w...

Are you unknowingly publicly exposing Erlang distribution or RabbitMQ? Don’t worry—checking is quick and easy! 🔍 Run a port scan and verify if EPMD and Erlang Distribution are accessible. 🔒 Secure it behind a firewall or disable Erlang Distribution if it’s unnecessary. erlef.org/blog/eef/epm...