As humans, we try to simplify the world around us. We love to think in simple causal relationships, like “A caused B which caused C”, because we are able to understand cause and effect without much energy spent on thinking and analysing. But the world is not simple. The world is non-linear. There is seldom a single cause for things.
Author: Maikel Mardjan
Avoid Python SAST scanners based on AI
What happened with blockchain technology is also happening with AI technology. Too many people believe that it is a solution for all hard and complex problems. I still love this flowchart that helps you to determine if blockchain is an appropriate technology for your use case. Spoiler: Blockchain is seldom a solution.
Is Pydantic as safe as it is popular?
If you want to keep complexity low and minimize security risks, you always need to decide whether using an external Python library is the right choice.
Practising 0Complexity design principles is never easy. But when it comes to security and minimising dependencies, you should weigh the advantages and disadvantages of using any external Python library.
Don’t get me wrong: many FOSS Python libraries are excellent, well-maintained software and you’d be foolish not to use them when appropriate.
So before using a new module in an MVP, running a quick and simple Static Application Security Test (SAST) on the external Python module will provide valuable information from a security point of view.
Open Security News week 30-2025
Python is one of the most used programming languages to date. Especially in the AI/ML world and the cyber security world, most tools are based on Python programs. Large and small businesses use and trust Python to run their business. However, even when using Python the risk of security issues is never zero. Static application security testing (SAST) tools, like the Python Codeaudit program, should be used to prevent security risks or to be aware of potential risks that come with running the software.
Open Security News week 25-2025
Cyber security is complex. But effective cyber solutions do not need to be complex and very expensive. Simplifying your security landscape is not simple; it means rethinking your strategy and re-prioritizing objectives. The perfect solution to reduce security risks to zero does not exist. But using and creating a security architecture helps with reducing and managing your risks. A good way to really speed up creating your solution architecture is to use this reference architecture as the basis.
The Path to Simplified IT
Solving IT problems is solving business problems. Information Technology (IT) is never an end goal. Simple IT solutions make dreams reality and can have a positive impact on the quality of our lives. However, complex IT solutions are the de facto standard for too many solutions. Complex IT solutions have a large negative impact. But solving and preventing IT complexity is hard.
Open Security News week 21-2025
Cyber security is a vital concern for individuals, organisations, and societies at large. To address this pressing issue and to ensure a safer digital environment, we need to do a better job.
For many years, we have struggled to get security right. We, security experts and software developers, have been trained and influenced by commercial vendors. We use too many complex, expensive cyber security solutions that are costly to implement and maintain and lack transparency, as most enterprise cyber security solutions are not open source.
Next week, on Sunday 06-01, you are invited to join my talk on simplifying cyber security. Check the conference at t-dose.org and the schedule!
Open Security News week 18-2025
Cyber security is complex. But effective cyber solutions do not need to be complex and very expensive. To avoid misunderstandings: Simplifying your security landscape is not simple at all, but rather means rethinking your strategy and re-prioritizing objectives. More budget and more expensive cyber technology do not help to mitigate your security risks. The best preventive solutions, like creating a good security architecture, require neither complex technology nor expensive maintenance. Try it with open tools.
