Data Safety and Information Security

Learn how AuthZed and Netflix bridged the gap between Policy-Based and Relationship-Based Access Control by adding ABAC to AuthZed's Google Zanzibar-inspired authorization system—SpiceDB.

Breaking down the need for bespoke IAM architectures that are finer-grained and more intelligent.

Organizations need a proven platform for zero trust. But before we dive into why that is the case, we must first answer two important questions.

Yesterday’s solutions are today’s problems.

Document verification technology authenticates the validity of physical and digital documents. It ensures that personal and sensitive information remains secure. In today's digital age, document verification serves as a critical component for businesses in various sectors, including banking, healthcare, and government services. It utilizes a mix of artificial intelligence, machine learning, and pattern recognition to

Designing a dictionary of visually unambiguous characters for IDs.

Firstyear's blog

The abundance of X.509 certificate authorities who already perform identity proofing for businesses provides a rich resource that can be leveraged to boot the verifiable data ecosystem.

Learn how you can right size the access for your users in HackerRank with our new company admin enhancement.

On fediverse apps like Mastodon, Pixelfed and (soon) Threads, content is federated — but identity isn’t. We look at potential solutions.

CISA, DHS, and OpenSSF are introducing Protobom, an open source tool they say will make it easier for enterprises protect their software supply chains.

The xz Utils attack almost succeeded. Will we be as lucky next time?

The attackers were allegedly able to access GitLab repositories hosted by Sisense, where hard-coded secrets may have been found.

Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious security risk.

The xz backdoor is naturally still the top story of the week. If you need a refresher, see our previous coverage. As expected, some very talented reverse engineers have gone to work on the code, an…

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.

An off-the-clock Microsoft developer got suspicious while doing some micro-benchmarking.

Malicious code planted in xz Utils has been circulating for more than a month.

When you click or press the Like button, you may be disclosing more about yourself than you imagine. You may also be contributing to the bank accounts of Internet scammers.

CITP is releasing a report today based on a two day in-person workshop on the security of the Web Public Key Infrastructure (Web PKI) we held last year.

For the "W3C Workshop on the Future of Social Networking", taking place in Barcelona January 2009

The concept of a Web of Trust is most closely associated with Phil Zimmerman and PGP. The basic idea is that by signing each other's keys, usually at things like key signing parties, people could grow the network of keys they trusted to sign or encrypt documents such as email, sign legal documents, etc... The distributed system of trust feels right, but the idea never really took off, even though the keysigning parties must have been fun, probably because they still required physical presence. In foaf+ssl we are also using a Web of Trust mechanism, but as I will show here, this does not require key signing, and furthermore it uses PKI to do this (some may say it subverts PKI to do this). It should therefore be able to grow much faster, and hopefully give us the same benefits.

Product security plans and automating security with security as code offer a new — and better — approach to achieving app and cloud security goals.

Everyone loves themes. Doesn’t matter if it’s a text editor or a smart display in the kitchen, we want to be able to easily customize its look and feel to our liking. When setting up a …