App Secrets Are Dead—At Least for Admin Scripts
Why I protect admin scripts more deliberately than everyday workflows—and why hardware-bound certificates feel like the logical next step.
Read the full articleYou might also wanna read
Android's new app signing policy: Can sideloading coexist with user security?
In which I attempt to be pragmatic. Are you allowed to run whatever computer program you want on the hardware you own? This is a question wh
Bring on the audit. Audit-Ready Data Security with PKWARE
Audit-ready data security isn't a posture. It's a record. Here's how we build it, and why we don't dread the calendar invite. I've sat in en

[tl;dr sec] #319 - AI is Eating Security, BSidesSF & RSA, Claude Finds Firefox 0-days
What does security look like in 5 years? Let's hang out in San Francisco and avoid badge scans, Opus 4.6 finds 22 vulns and auto-writes 2 ex
ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in di
User-level vs org-level auth in API integrations
Whose credentials should your API integration use? The five identity models we see in production, and when to choose each one.
Analysis of Apple's Unencrypted Server Connections and Surveillance Concerns
The personal website of Jeffrey Paul.

Comments
Sign in to join the conversation.
No comments yet. Be the first.