The problem I kept hitting in software supply chain security I got tired of “trust me” release pipelines. Even when I used code signing and pinned d...
I fell into this rabbit hole because I kept seeing the same annoying pattern in my homelab: my CI pipeline would mint short-lived API tokens, those to...
The weekend problem I couldn’t stop thinking about I was building an “AI assistant” that had to call internal tools (like fetching account metadata)...
I got tired of treating “threat intelligence” like a blob of text—some feeds said “APT29”, others said “malware family”, and in practice my SOC (secur...
I stumbled into a weird corner of software supply chain security while debugging a “perfectly signed” release that still felt untrustworthy: the signa...
The problem that got me curious I hit a weird failure in a CI pipeline that “looked secure” on paper: the pipeline was verifying artifacts, but it w...