今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#SEC

找到 666 篇相关文章

AI 资讯

Verify a Self-Hosted Installer Before Running It as Root

Downloading an installer and immediately executing it as root collapses three operational decisions into one command: Which artifact? -> Did these bytes arrive intact? -> Should this host execute them? Separate those decisions and the install becomes reviewable, reproducible, and recoverable. A concrete source-review boundary At commit c58bcd4 , the MonkeyCode runner installation template selects x86_64 or aarch64 , checks AVX on x86, requires root, and downloads an architecture-specific installer before executing it. The reviewed template uses curl -4sSLk , so certificate verification is disabled by -k . It also downloads an unversioned path. I could not find a pinned version, digest, or signature check in that template. That is a statement about controls visible in one pinned file—not a claim that the release service is compromised or that no external release control exists. Put a manifest before execution For each release artifact, publish immutable metadata through a separately protected release process: { "version" : "1.2.3" , "architecture" : "x86_64" , "file" : "runner-installer-1.2.3-x86_64" , "sha256" : "<64 lowercase hex characters>" , "size" : 18439210 , "rollback" : { "previous_version" : "1.2.2" , "artifact" : "runner-installer-1.2.2-x86_64" } } SHA-256 detects bytes that differ from the manifest. It does not prove who authored the manifest. Serve the manifest over validated TLS, pin it through deployment configuration, or sign it and verify the signature with a trusted offline public key. Verify as an unprivileged staging step The companion verify-installer.mjs checks filename, exact size, digest, version, architecture, and rollback metadata: node verify-installer.mjs release-manifest.json fixture-installer.sh node test-verifier.mjs Expected output uses the fixture's actual digest: PASS 1.2.3-fixture sha256=<digest> PASS verified fixture; rejected tampered artifact before execution The negative test appends a line to the artifact and requires both size

2026-07-14 原文 →
AI 资讯

A Differential Test Harness for Native vs. Generic XDP: Methodology and Baseline

Native XDP and generic SKB-mode XDP are not the same thing in practice. The same BPF program can pass the verifier and still behave differently depending on which mode the kernel uses, this could be a different verdict, different frame bytes, or different metadata. This post ships three things: an open differential test harness, a fixed eleven-packet corpus, and a simple way to classify the differences it finds. A tagged release lets anyone reproduce the virtio/veth baseline on Linux 6.8. The operational risk is straightforward. A firewall or rate-limiter validated only under native XDP can fall back to generic mode on an unsupported driver, a veth port, or after a reload. You keep the same bytecode, but behaviour can change, often without a clear error line. What this release includes: A harness loop: corpus → inject on the RX path → native vs generic sweep → xdpdump capture → compare.py manifest, comparing both the captured frame bytes and the XDP verdict ( PASS / DROP / TX / REDIRECT ). A deterministic corpus with eleven embedded test IDs ( 0xA001 – 0xA005 , 0xA007 – 0xA00C ; 0xA006 is intentionally omitted as a reserved gap in the generator). An operational divergence taxonomy (Class A / B / C). A virtio/veth smoke gate on Linux 6.8; now gating on frame bytes and verdict agreement that shows the full path is reproducible end to end. Scope for this post: native vs generic XDP on the virtio_vm profile only (five BPF programs, pinned manifests). This is part 1 of 2; it establishes the harness and an instrument-validity baseline; a follow-up post covers bare-metal divergence results. Physical NIC results are not part of this baseline. Ordinary conformance checks stop at “did the program load?” Differential testing asks a sharper question: given identical input packets, do the backends produce the same observable outcome at the hook? Background: native vs generic XDP Both modes load the same BPF object. They diverge at the hook point and in how the packet is represen

2026-07-14 原文 →
AI 资讯

AudioTrust: reconciliar C2PA y watermark AudioSeal en audio sintético

AudioTrust: reconciliar C2PA y watermark AudioSeal en audio sintético Un verificador local que lee las dos marcas de confianza de un audio generado por IA (procedencia C2PA + watermark AudioSeal) y emite un veredicto auditable sobre si coinciden, se contradicen o faltan. El problema Un audio sintético puede llevar dos marcas de confianza distintas: Procedencia C2PA : un certificado digital embebido en el archivo (su "DNI" de origen — quién, cuándo, con qué herramienta). Watermark AudioSeal : un código inaudible incrustado en el sonido, detectable aunque el audio se comparta o transcodifique. Cada una por separado es útil, pero ninguna es suficiente. La procedencia puede faltar (mucho audio generado no la incluye) y el watermark puede estar presente en audio totalmente legítimo. El caso interesante es cuando se contradicen : el manifest C2PA dice "grabado por un humano con una grabadora" pero el watermark de una herramienta de IA está presente. Eso es una señal de manipulación — el llamado Integrity Clash . AudioTrust no genera ni firma nada. Es un verificador : lee ambas capas y las reconcilia. Qué hace audio.wav ──► AudioTrust verify ──► veredicto + explicación C2PA watermark Veredicto ausente ausente unverifiable ausente presente partial origen sintético presente trusted origen humano presente contradiction (Integrity Clash) Salida JSON: { "file" : "audio.wav" , "verdict" : "trusted" , "c2pa" : { "present" : true , "source_type" : null , "claims" : [ "action=c2pa.created by TestTTS" , "generatedBy=TestTTS" ]}, "watermark" : { "present" : true , "detect_prob" : 0.92 }, "explanation" : "C2PA declara origen sintético y hay watermark fuerte: coherentes." } Cómo funciona Lectura C2PA con c2pa-python (el Reader de la librería oficial). Si no hay manifest, devuelve present=False sin crashear. Detección de watermark con audioseal . Devuelve solo detect_prob (P(audio watermarked) en [0,1]). Reconciliación determinista en reconcile.py . Dos decisiones de diseño que vale la

2026-07-14 原文 →
AI 资讯

Complete AI Agent Lockdown: 21 Policy Types for Maximum Security

Complete AI Agent Lockdown: 21 Policy Types for Maximum Security Giving an AI agent a wallet without guardrails is like giving a toddler a credit card — technically functional, potentially catastrophic. If you're building AI agents that interact with crypto wallets, the security model you choose isn't an afterthought. It's the difference between a useful autonomous system and one that drains your funds on a bad inference. This post is about exactly how WAIaaS handles that problem. Not vague promises about "enterprise-grade security" — specific mechanisms, specific policy types, and specific code you can run today. The Actual Risk Model Let's be honest about what can go wrong when you give an AI agent wallet access: The agent misinterprets a prompt and sends funds to the wrong address A compromised session token gets used by an attacker The agent executes a DeFi action with parameters outside your intended range Gas fees spike and the agent submits transactions at costs you'd never accept manually The agent approves an unlimited token allowance to a contract you didn't vet None of these require a malicious agent. They can all happen with a well-intentioned model operating outside the boundaries you forgot to define. The solution isn't to avoid giving agents wallet access — it's to define exactly what they're allowed to do, and nothing more. WAIaaS approaches this with three distinct security layers, a default-deny policy engine with 21 policy types across 4 security tiers, and multiple channels for human approval when transactions exceed your defined thresholds. Layer 1: Authentication — Three Separate Keys for Three Separate Roles The first layer is role separation. WAIaaS uses three authentication methods that map to three distinct principals: masterAuth (Argon2id) — The system administrator role. Creates wallets, manages sessions, configures policies. This credential never touches the agent. sessionAuth (JWT HS256) — The AI agent's credential. Scoped to a specific

2026-07-13 原文 →
AI 资讯

The Solana Program Security Checklist I Wish I'd Had on Day One

I spent the last two weeks thinking like an attacker. I wrote tests whose only job was to make my own programs fail. I ran a fuzzer across thousands of generated inputs looking for the lamport value nobody would choose by hand. And I rebuilt the missing owner check that was at the center of the $326M Wormhole exploit, in a throwaway program, in a test, so I could watch it work and then watch the one-line fix stop it cold. This checklist is what I would hand to past me on day one of that work. Run it top to bottom before any Anchor program goes to mainnet. Who this is for You are writing Solana programs in Anchor. You understand accounts, PDAs, and CPIs. You have read the Anchor docs. What you do not yet have is a systematic way to check that you have not missed the failure modes that are specific to Solana's runtime, an account model where any account can be passed into any instruction, arithmetic that wraps silently in release builds without protection, and cross-program calls that trust whatever program ID you hand them. This checklist is that systematic check. It is not a substitute for a professional audit on high-value programs. It is the thing you run before you even consider requesting one. The Wormhole anchor Before the list, the story that explains why account validation sits at the top. In February 2022, an attacker drained $326M from the Wormhole bridge. The root cause was a single deprecated function, load_instruction_at — that read a sysvar account's contents without first checking that the account was actually the real instructions sysvar. The attacker passed in a forged account they controlled. The program read it, trusted it, and authorized a mint it should have refused. The fix was a single word: switch to load_instruction_at_checked , which verifies the account's address before reading it. Every item in this checklist traces back to that same principle: never read an account's contents until you have confirmed its identity. The items below are just

2026-07-13 原文 →
开发者

Lessons Learned from CISA’s Recent GitHub Leak

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials -- including AWS Govcloud keys -- in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps identified in the agency's initial response provide important lessons that all security teams should absorb.

2026-07-13 原文 →
AI 资讯

Origin Part 19: The Number Was Wrong

The brain layer was scoring high because the test was leaking. The actual capability was being silently rejected by a misconfigured gate. Both findings landed in the same week. Part 18 ended on a clean diagnosis. The brain layer reasoned correctly when the encoder fed it correct inputs. The encoder didn't always feed it correct inputs. So the path forward was upstream: more physics-shaped training data for the encoder, retrain, re-validate. I wrote the drops, kicked off the retrain, and watched the held-out eval climb. It hit twenty-three out of twenty-six. Eighty-eight percent. The number I'd been chasing. I sat with that for an evening. Twenty-three of twenty-six on compositional reasoning probes the model had never seen during training. The Phase 8 cutover gate from Stage D had been sixty percent. I was thirty points past it. The brain layer had not only survived its missing-from-production months, it had come back stronger. The number was wrong. I figured this out the next morning while writing what was going to be the celebration commit. Something nagged about the eval set. The training data generator built the eval pairs independently from the training pairs, drawn from a different source list. That should have given me a clean train/test split. But I noticed the eval generator was running before the training generator wrote its file, and neither side knew about the other. I dropped into a Python shell and intersected the two pair sets by their input-output keys. Twenty-three of twenty-six held-out probes were also present in training data. Eighty-eight percent of my held-out eval wasn't held out. The model wasn't generalizing. It was memorizing the answers it had already been shown, then being graded on whether it remembered them. The three pairs that were genuinely unseen, I checked those separately. The model got one right. Three out of twelve when I went back through other historical evals and ran the same overlap check. About a quarter, with no statistica

2026-07-13 原文 →
开发者

What is CORS and Why Does It Exist?

In the previous article , we learned that an Origin consists of three components: Scheme (Protocol) Host Port Browsers use these three components to determine whether a request is Same-Origin or Cross-Origin . Whenever a web page attempts to access resources from a different Origin, a security mechanism called CORS (Cross-Origin Resource Sharing) comes into play. 📌 Why Does a CORS Error Occur? Suppose your web application is running at: https://app.example.com Now it tries to fetch data from: https://api.example.com Although both URLs belong to example.com , their Hosts are different. That means they have different Origins. As a result, the browser treats this as a Cross-Origin request. If the destination server does not explicitly allow this Origin, the browser prevents JavaScript from accessing the response, resulting in what we commonly call a CORS Error . 💡 Important: CORS is a browser security mechanism , not a server security mechanism. ⚠️ A Common Misconception About CORS Many developers believe that a CORS error means the request never reached the server. In most cases, that's simply not true. Typically: ✅ The browser sends the request. ✅ The server receives it. ✅ The server generates and returns a response. ❌ The browser blocks JavaScript from accessing that response. In other words, the request was successful—the browser simply refuses to expose the response to your application because the CORS policy was not satisfied. This is why sending the exact same request using tools like Postman or curl usually works without any problems. Those tools are not browsers, so they do not enforce browser security policies like CORS. 📦 How Does the Server Handle CORS? To allow JavaScript to access the response, the server must include the appropriate CORS headers. The most important one is: Access-Control-Allow-Origin: https://app.example.com This header tells the browser that JavaScript running on https://app.example.com is allowed to read the response. ✅ Examples Suppos

2026-07-13 原文 →
AI 资讯

The .gitleaks-baseline.json That Suppressed Live Production Secrets

Originally published at woitzik.dev A previous article here covered setting up gitleaks for homelab secret scanning - the setup, the pre-commit hook, getting CI to fail on new commits that contain secrets. The setup was correct. The tool was running. The CI was green. And it had been quietly suppressing a live production credential for months. This is the follow-on story: not about getting gitleaks running, but about the specific way a baseline file breaks the guarantees you think you have once it's in place. View the complete homelab infrastructure source on GitHub 🐙 What a Baseline File Does (and Is Supposed to Do) When gitleaks first runs on an existing repo, it finds every secret-shaped string in the full git history - including secrets that were introduced years ago, rotated long since, and are completely inert. Flagging those in CI creates noise that causes developers to tune out gitleaks entirely, which is worse than not having it. The baseline workflow is the standard answer: run gitleaks on the current state, export all findings to a JSON file, commit that file to the repo, and tell gitleaks to suppress any finding that already appears in the baseline. Future commits that introduce new secrets still fail; old known-inert findings don't. # Generate baseline from current HEAD gitleaks detect --report-format json --report-path .gitleaks-baseline.json # Tell gitleaks to use it gitleaks detect --baseline-path .gitleaks-baseline.json The assumption embedded in this workflow: findings that appear in the baseline are inert. They were there before the baseline was generated; they've been there; they're known. The Assumption That Broke It The baseline was generated at a point when the repo contained Garage's rpc_secret and admin_token committed in a YAML file. Those were real production values - the cluster was live, using those exact secrets - but the baseline suppression treated them as "known, reviewed, not a problem." The commit that introduced them had happened

2026-07-13 原文 →
AI 资讯

Demystifying LDAP: The Digital Phonebook of Your Network

If you have ever logged into a corporate computer, searched for a colleague in your company’s email directory, or used a single set of credentials to access dozens of different internal applications, you have likely interacted with LDAP . Standing for Lightweight Directory Access Protocol , LDAP is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an IP network. In simpler terms, it is the underlying language that allows different systems and applications to communicate with a central directory to find information about users, devices, and permissions. Think of LDAP as a highly organized, digital phonebook. When an application needs to know if "John Doe" is a valid user and what his password is, it uses LDAP to ask the phonebook. How LDAP Organizes Data Unlike traditional relational databases (like SQL) that store data in tables, LDAP stores data in a hierarchical, tree-like structure known as the Directory Information Tree (DIT) . This makes it incredibly fast at reading and searching for information, which is exactly what an authentication system needs to do millions of times a day. Here are the core components of this structure: Root: The top level of the directory tree, usually representing the organization (e.g., dc=example, dc=com ). Branches (Organizational Units - OU): Categories or departments within the organization (e.g., ou=Marketing , ou=Servers ). Leaves (Entries): The actual objects being stored, such as a specific user, printer, or computer. Attributes: The specific pieces of data tied to an entry. For a user entry, attributes might include givenName (first name), mail (email address), and userPassword . Every entry in an LDAP directory has a unique identifier called a Distinguished Name (DN) . It acts like an absolute file path. For example, John Doe’s DN might look like this: cn=John Doe, ou=Marketing, dc=example, dc=com How Applications Talk to LDAP When an

2026-07-13 原文 →
AI 资讯

AI agents need SSL certificates too — so I built ATC (Agent Trust Card)

The problem Websites have SSL certificates. Browsers verify them. Users trust them. It's the foundation of the web. AI agents have nothing . When Agent A connects to Agent B: ❌ No way to verify B's identity (anyone can impersonate) ❌ No way to check B's trustworthiness (no audit, no reputation) ❌ No encryption (messages are plaintext) ❌ No standard payment method ❌ No way to translate between frameworks (LangChain ≠ AutoGen) So I built ATC — Agent Trust Card . What is ATC? ATC is like an SSL certificate + passport + credit card for AI agents, all in one: Identity — Cryptographically signed by MarketNow (we're the Certificate Authority) Trust — Contains a Sentinel security audit score (0-10) Encryption — Contains an Ed25519 public key for end-to-end encrypted messaging Translation — Specifies the agent's framework; MarketNow translates between them Payment — Contains a USDC wallet address for autonomous payments How it works Agent A generates Ed25519 keypair ↓ Agent A requests ATC from MarketNow ↓ MarketNow runs Sentinel audit → signs ATC ↓ Agent A presents ATC when connecting to Agent B ↓ Agent B verifies A's ATC signature (using MarketNow's CA public key) ↓ Agent B checks A's trust score (rejects if below threshold) ↓ They communicate — end-to-end encrypted ↓ Agent A pays Agent B — USDC with escrow ↓ Both rate each other — trust scores update The code # Request an ATC POST https://marketnow.site/api/atc { "action" : "issue" , "agent_id" : "agent.yourorg.yourname" , "agent_name" : "Your Agent" , "public_key" : "Ed25519 public key" , "capabilities" : [ "web_scraping" ] , "protocol_language" : "langchain" , "wallet_address" : "0x..." } # Verify an ATC GET https://marketnow.site/api/atc?action = verify&card_id = ATC-2026-00001 # Get CA public key (for signature verification) GET https://marketnow.site/api/atc?action = ca-key What makes ATC different from existing solutions Feature AgentID Agent Passport IBM ACP Stripe ACP ATC Cryptographic identity ✅ ✅ ❌ ❌ ✅ Security a

2026-07-13 原文 →
AI 资讯

Why I Built an Adversarial Co-Generation Engine

I spent a chunk of last year around legacy modernization work — the kind of project where a bank or an insurer is taking twenty years of accumulated code and rebuilding it as modern services, one system at a time. Every one of those systems starts the same way: a PRD or a requirements document says what the business needs, that gets translated into a spec precise enough for an AI to implement, and eventually someone tests what came out. What struck me, watching this happen at scale, wasn't that the code was bad. It was that nobody was testing the thing that actually determined whether the code would be bad: the spec itself — the technical description handed to the model, not the PRD that motivated it. Every security tool I looked at — SAST scanners, DAST tools, even the AI coding assistants themselves — waited until an implementation existed before doing anything adversarial. Attack the code, once it's there. That's the whole industry's model, and it's worked fine for forty years because the volume was always survivable. A team ships a handful of PRs a week, a human reviews them, and eventually a pentest catches whatever slipped through. That math falls apart at modernization scale. When you're regenerating a few million lines of code, you're also generating a few thousand specs, faster than any review process was ever built to absorb. Testing after the fact doesn't just get slower under that load — it quietly stops happening, spec by spec, until the aggregate exposure is enormous and nobody can point to when it happened. So I built GAUNTLEX to test the thing that happens before the code does: the spec. This is also where I want to be precise about a word that gets overloaded. "Spec-driven development" — the broader industry shift toward writing structured, agent-facing specs instead of prompting an AI free-form — is exactly the world GAUNTLEX lives in. But a spec (what to build, precise enough for a model to implement) and a PRD or requirements doc (why it's needed

2026-07-13 原文 →
AI 资讯

The handshake is the easy part. Agent payments still haven't named the custody split.

Agent payment protocols are converging fast. The Linux Foundation launched the x402 Foundation around a protocol initially developed by Coinbase, Cloudflare, and Stripe, with Google, AWS, Visa, Mastercard, and Circle among the organizations expressing initial support. It is increasingly framed as an "SSL for AI commerce." When a protocol reaches that stage, three things have to mature together: the specification, the interoperability suite, and the adversarial security scenarios. Today x402 has the specification and growing interoperability machinery. What is not yet visible is a normative adversarial suite every client, resource server, and facilitator must pass. There is a precedent worth sitting with. As check clearing scaled in the early Federal Reserve era, the answer was not merely a better check format. The system added a common clearing and settlement layer. The Federal Reserve could credit the collecting institution's reserve account and debit the paying institution's account, creating an independent record against which the participating banks could reconcile. The important separation was not that the Fed guaranteed every check. It was that settlement no longer depended solely on either participant's account of what happened. (Credit to Starfish on Moltbook, whose custody-split framing sharpened this for me.) This pattern exists across mature financial systems as separation of duties: the maker is not the checker. Its modern equivalent for the controls surrounding agent payments is not custody in the asset-control sense. It is an independent, reproducible assurance plane. x402 can provide independently inspectable evidence that an on-chain payment settled. That does not independently establish that every security and policy condition surrounding the payment was evaluated correctly. The payment handshake is standardizing. The assurance semantics around it are not. The party that performs a security check can attest that it ran. But its own attestation shoul

2026-07-13 原文 →
AI 资讯

The monitoring agent that cannot be told what to do

Here is a design decision we made early, wrote into the architecture as an invariant, and have refused to revisit since: our agent accepts no commands. Not "we don't currently use that feature" — the hub has no way to tell an installed agent to do anything at all. No remote execution, no self-update, no "collect this for us right now". It sends data outward, and that is the entire surface. This is not a limitation we are working around. It is the product. And it costs us features that customers ask for, which is exactly why it is worth explaining. The uncomfortable arithmetic of remote control Any tool that can update a plugin across fifty client sites is, by construction, a tool that can execute code on fifty client sites. Any dashboard that can restart a service on your server holds, somewhere, a credential that lets it in. This is not a flaw in those products — it is what they are for. You cannot automate a repair without the power to perform it. But that power has an owner, and the owner has a login, and the login has a support team, and somewhere in that chain there is a version of the software with a bug in it. When the tool is compromised, the blast radius is not the tool. It is every machine the tool could reach. The industry has already run this experiment at scale. In July 2021, attackers exploited a vulnerability in a widely used remote monitoring and management platform. They did not break into a single company — they broke into the thing that had access to the companies. Roughly sixty managed service providers were hit, and through them, an estimated 800 to 1,500 downstream businesses were encrypted in a single weekend, with a $70 million ransom demand attached. Read that shape again, because it is the whole argument: the victims did nothing wrong. They had bought a well-known product from a serious vendor and installed it exactly as instructed. Their compromise arrived through the door they had deliberately, sensibly, contractually left open — the one

2026-07-13 原文 →
AI 资讯

I scanned 15 public Lovable apps. 40% load their database in the browser.

No hacking — a passive scan only looks at what your browser already downloads when it opens a page. Here's what I found: 6 of 15 load their Supabase database directly client-side. The public API key sits in the page source. That's fine if Row-Level Security is configured right — but it's one wrong setting away from "anyone can read the whole table." 14 of 15 ship no Content-Security-Policy — a simple, high-value hardening against script injection, almost always missing. Is this theoretical? No. Two apps I audited with the owner's permission: A social app: the profiles table — user names, cities, and a password hash — readable by a logged-out stranger. Closed in an afternoon. A paid learning app: 155 paid study sheets and 4,872 answers were readable by anyone, with no account and no subscription — its entire paid catalogue, a single API call away. The paywall lived only in the front-end; the database served everything to everyone. Loading Supabase in the browser isn't the mistake. Not enforcing access in the database (RLS) is. And the tools you build with won't tell you — they'll happily ship it. If you built something on Lovable / Bolt / Replit with real users (or paying ones), it's worth 60 seconds to check what a stranger can already see. I made a free tool that runs the surface check (passive, no signup): sealdy.dev Happy to answer questions on how RLS leaks happen and how to lock them down.

2026-07-13 原文 →
AI 资讯

Building a secure OS: the hard list — what I found and what I'm fixing in IONA OS

Every operating system has security gaps. Most never publish them. I am publishing mine. IONA OS is a sovereign operating system written from scratch in Rust. It has a kernel, a GUI, a blockchain protocol, a programming language, and a 140,000‑line AI running in Ring 0. It is designed to be secure by default. But secure is a journey, not a destination. Here is the hard list — the security issues I found in IONA OS, and what I am doing about them. 1. The filesystem is not encrypted at rest IONAFS reads and writes sectors in plain text directly to the disk. I already have a real ChaCha20‑Poly1305 engine with per‑file key derivation ( fs/encrypted_storage.rs ), but it is only used for backup/distribution — not for everyday local reading and writing ( fs/ionafs/mod.rs ). Why this matters: For a journalist or a civil servant, this is the central threat scenario: a lost device, confiscation at a border, or seizure. What I'm doing about it: Integrating encrypted_storage.rs into the normal IONAFS read/write path. Every write will be encrypted automatically. The key will be derived from a PIN or TPM. 2. Deleting a file does not destroy it delete_file() removes only the index entry. The data sectors remain on the disk, recoverable with standard forensic tools. Why this matters: For users with high security requirements — journalists, activists, government officials — this is a critical gap. What I'm doing about it: Adding a shred() function that overwrites the data sectors with random patterns before releasing them, with a configurable number of passes. 3. The keystore uses XOR, not real encryption security/keystore.rs pretends to use AES/ChaCha in its comments, but the actual implementation is a simple XOR stream — trivial to break once an attacker has access to the disk. Why this matters: This is a critical vulnerability. XOR is not encryption. If an attacker has access to the disk, they can recover the keys. What I'm doing about it: Replacing the XOR stream with real ChaCh

2026-07-13 原文 →
AI 资讯

DORA Metrics Measure Delivery Health. What Measures Security Posture Health?

✓ Human-authored analysis; AI used for formatting and proofreading. Delivery teams have DORA. Four metrics — deployment frequency, lead time for changes, mean time to restore, change failure rate that predict whether a team is shipping well. Thoughtworks recently added a fifth: rework rate, measuring how much of the pipeline is consumed by fixing work previously considered complete. These metrics changed how delivery organizations operate. Because they're leading indicators. They tell you the trajectory before the outcome arrives. A team with increasing lead times is heading for trouble. A team with rising rework rate is accumulating debt. You see it in the metrics before you see it in the incidents. Security teams have no equivalent. What security teams measure today Finding counts. "We found 247 misconfigurations this quarter." More scanning produces more findings. A team that scans more frequently or adds a new tool sees the number go up which looks worse even if posture is improving. Finding counts measure scanning effort, not security health. Compliance percentages. "We're 94% compliant with CIS Benchmarks." This measures the last audit, not the current trajectory. A team at 94% today might be at 87% next week if three Terraform changes introduced misconfigurations. The percentage is a snapshot, not a trend. It rewards breadth of coverage over depth. 94% across 200 checks sounds better than 100% across 50 checks, even if the 50 are the ones that matter. Incident counts. "We had two security incidents this quarter." This is a trailing indicator. It measures failures that already happened. A team with zero incidents might have excellent posture or might have excellent luck. You can't tell. By the time the count goes up, the damage is done. None of these answer the question delivery teams answer with DORA: are we getting better, and how fast? The mapping The five DORA metrics adapt directly to security posture. The definitions are concrete and measurable from eval

2026-07-12 原文 →