Category

Security

Security from a builder's seat. Vulnerability disclosures, supply-chain attacks, secrets management, and defensive engineering patterns — explained with enough depth to act on, not just react to.

The Trojan Snow: Protestware and the Dual-Hatted Maintainer Risk
Article · 14m ago · 0

A hidden locale-based trigger in a classic X11 toy exposes the vulnerability of relying on a single upstream-downstream maintainer.

Emeka Okafor

Arbitrary Code Execution in objdump -g: How a Missing Bounds Check Becomes a Full Exploit

Article · 3w ago · 0

uv Gets Built-In Vulnerability and Malware Scanning

News · 3w ago · 1

Massachusetts' Location-Data Ban Is a New Compliance Line for Mobile and Analytics Devs

News · 3w ago · 5

Designing Payment Infrastructure That Starts With the Threat Model

Article · 3w ago · 0

Config Files That Run Code: The Supply Chain Blind Spot Nobody Is Auditing

Article · 3w ago · 0

Trivy: One Scanner to Rule Your Containers, Repos, and Kubernetes Configs

Article · 3w ago · 0

Config Files That Run Code: The Supply Chain Blindspot You're Probably Not Auditing

Article · 3w ago · 0

1,000 Breaches In, and Companies Are Taking Longer Than Ever to Tell You

Article · 3w ago · 0