Bring Back RSS for Operational Security

This post expands on ideas I previously presented at Pass the SALT 2024 in my talk Bring Back RSS For Operational Security. The short version is simple: operational security teams still need a reliable way to track change, automate collection, and reduce dependency on closed platforms. RSS already solves much of that problem.

Operational security teams spend an enormous amount of time watching for change. A new vulnerability advisory is published. A vendor updates a CSAF document. A threat actor leaks a new victim. A trusted researcher posts a new analysis. A CERT publishes an incident note. A MISP event is enriched. A public dashboard changes. Most of these changes matter because they are new.

And yet, in many security teams, we still collect this information in the most fragile way possible: by manually checking websites, relying on algorithmic social platforms, scraping pages that were never designed for machine consumption, or subscribing…