Investigating TCP timeouts at scale

At Mattermost, we’re on a quest to scale our application by one order of magnitude, from tens of thousands to hundreds of thousands of concurrently active users per installation. Scaling up is a complex effort involving expertise at several different levels. At its core, it’s a game of catching the next bottleneck — whether it’s application CPU usage, memory consumption, database throughput, networking, or any combination of the above (among other causes as well).

Cyber resilience: What it is & why it's important

In today’s age of high-profile data breaches, supply chain attacks, and aging legacy software, smart organizations understand it’s no longer a matter of whether their systems will be compromised but when it will happen next. In fact, one recent study found that 68% of organizations experienced a cyberattack within the last 12 months (experiencing an attack doesn’t necessarily mean it was successful).

Strengthening cyber resilience with data sovereignty

Cyber threats are increasing in severity and frequency, and organizations across a wide range of industries and sizes must stay prepared for outages and other incidents. To protect against these risks, smart enterprises are increasingly embracing cyber resilience, which goes above and beyond cybersecurity practices and helps teams better anticipate, react to, and recover from cybersecurity incidents. This, in turn, ensures the long-term health and success of the business.

Go fixes its 7th code execution bug in the same feature

If there’s one Go programming language feature that just doesn’t seem to catch a break when it comes to security, it’s the CFLAGS and LDFLAGS handling in cgo. This is a feature that lets parts of Go source code control the compiler and linker flags that are used to build that same code.

Potential causes of a collaboration platform data breach

Data is the lifeblood of modern organizations. Since data helps teams make better decisions and provide a competitive edge, it’s also a target of bad actors looking to steal sensitive information or launch ransomware attacks. From software vulnerabilities and weak authentication mechanisms to malware and inadequate access controls, there’s no shortage of ways for hackers to infiltrate networks and gain access to mission-critical data.

Mattermost's cloud optimization journey: Pillars of success, future strategies & lessons learned

Mattermost has embarked on a transformative journey in cloud optimization. This journey is marked by strategic initiatives, innovative approaches, and valuable lessons, all aimed at enhancing efficiency and reducing costs. This blog post explores the successful strategies that have guided our cloud optimization efforts. It also highlights our future direction with an emphasis on ARM/Graviton workloads and shares insights from our experiences, particularly regarding spot instances.

How to secure mission-critical work

The average data breach already costs organizations $4.45 million, and it appears that damages will only become more expensive as time goes on. In fact, one report found that cybercrime will cost the world $10.5 trillion by 2025. While organizations can’t necessarily prevent hackers from targeting their systems, they can take proactive steps to strengthen cybersecurity and develop incident response plans that enable them to keep bad actors at bay and swiftly address incidents whenever they occur.

Mattermost AI Copilot: Accelerating the conversation with LLMs

Hello, Mattermost community! We’re thrilled to announce the release of the Mattermost AI Copilot beta, a groundbreaking addition to the Mattermost platform. This plugin is not just a tool. It’s a way for organizations to deploy artificial intelligence in mission-critical environments — a true game-changer. With that in mind, let’s explore how this plugin will establish new standards in workplace collaboration for Mattermost Enterprise customers.

Patching Go's leaky HTTP clients

In November 2023 we discovered an issue in the Go standard library’s net/http.Client that allowed an attacker who controls redirect targets on a server to exfiltrate authentication secrets. Soon after, we discovered a similar issue in net/http/cookiejar.Jar. The issues, collectively designated CVE-2023-45289, have now been fixed in Go 1.22.1 and Go 1.21.8, released on March 5, 2024. This blog post dives into the technical details behind those two bugs and the patch that addresses them.