JWT Authorization: Avoiding Common Pitfalls | AuthZed.com
Discover the limitations of JWTs for backend authorization and the benefits of centralized authorization with fine-grained access control. Explore AuthZed's SpiceDB and ReBAC foundation.
Relationship Based Access Control (ReBAC): Using Graphs to Power your Authorization System | AuthZed
Learn why authentication and authorization are distinct systems, and why relying on attribute-based permission systems can lead to security vulnerabilities. Discover how ReBAC can lead to more robust permission systems that mimic the way people naturally organize their world.
Fine-Grained Access Control: Can You Go Too Fine? | AuthZed.com
Learn about the advantages and disadvantages of fine-grained access control and how to model permissions for your app efficiently. Find out how to strike a balance between security, performance, and user experience.
Building Scalable Permission Systems with Caveated Relationships | AuthZed.com
Reduce the risk of creating a legacy bespoke system with AuthZed's suite of authorization tooling, including SpiceDB, an open-source solution for implementing fine-grained permissions modeled on ABAC and now featuring caveats for dynamic policies.
ABAC on SpiceDB: Enabling Netflix’s Complex Identity Types
Learn how AuthZed and Netflix bridged the gap between Policy-Based and Relationship-Based Access Control by adding ABAC to AuthZed's Google Zanzibar-inspired authorization system—SpiceDB.
Document Verification Technology: A Step by Step Guide - MiniAiLive
Document verification technology authenticates the validity of physical and digital documents. It ensures that personal and sensitive information remains secure. In today's digital age, document verification serves as a critical component for businesses in various sectors, including banking, healthcare, and government services. It utilizes a mix of artificial intelligence, machine learning, and pattern recognition to
The abundance of X.509 certificate authorities who already perform identity proofing for businesses provides a rich resource that can be leveraged to boot the verifiable data ecosystem.
CISA, DHS, and OpenSSF are introducing Protobom, an open source tool they say will make it easier for enterprises to protect their software supply chains.
Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious security risk.
This Week In Security: XZ, ATT, And Letters Of Marque
The xz backdoor is naturally still the top story of the week. If you need a refresher, see our previous coverage. As expected, some very talented reverse engineers have gone to work on the code, an…
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.
When you click or press the Like button, you may be disclosing more about yourself than you imagine. You may also be contributing to the bank accounts of Internet scammers.
CITP is releasing a report today based on a two day in-person workshop on the security of the Web Public Key Infrastructure (Web PKI) we held last year.