CRML: A Declarative Language for Cyber Risk Modeling as Code
By
SANKET SARKAR
Lacks bite. And filling. And a copy-editor at the bakery.
Summary
CRML (Cyber Risk Modeling Language) is an open, declarative language for writing cyber risk as code. It provides a YAML/JSON format for describing cyber risk models, telemetry mappings, simulation pipelines, dependencies, and output requirements without forcing users into a specific quantification method, simulation engine, or security-control/threat catalog. The language is engine-agnostic and framework-agnostic, and it aims to fill the gap left by the absence of a "Risk as Code" practice comparable to infrastructure as code and network as code.
Key quotes
CRML is an open, declarative, engine-agnostic and Control / Attack framework–agnostic Cyber Risk Modeling Language
It provides a YAML/JSON format for describing cyber risk models, telemetry mappings, simulation pipelines, dependencies, and output requirements
without forcing you into a specific quantification method, simulation engine, or security-control / threat catalog
We have infrastructure as a code, network as a code but don't have anything as Risk As a Code