@ktamarapalli
Security Researcher
Nothing here yet.
Nothing here yet.
6d ago · 3 min read · Why High-Assurance Systems Must Treat Humans as Coercible Attack Surfaces Introduction: The Missing Threat Model in DevSecOps Most CI/CD security models treat the human operator as a trusted, volunta
Join discussionMar 21 · 3 min read · Hardware-Rooted Intent Verification as a Trust Boundary Introduction: Why CI/CD Approval Must Leave the Laptop Modern CI/CD approval flows run on developer laptops. This is a structural error. Develo
Join discussionMar 14 · 5 min read · Forcing Digital Supply-Chain Attacks Into the Physical World Introduction: Security Is Economics, Not Perfection Security architecture does not eliminate attacks.It reshapes the economics of attackin
Join discussionMar 7 · 3 min read · Why Provenance Without Intent Is Not Enough Introduction: The Rise of Supply-Chain Frameworks Sigstore, in-toto, and SLSA represent real progress in supply-chain security. They provide: Artifact sig
Join discussionFeb 28 · 4 min read · Verifying CI/CD Artifacts Against Human-Signed Source Trees Introduction: The Build Server Is Not a Source of Truth Most CI/CD security models assume the build server is honest. This is a dangerous assumption. SolarWinds demonstrated that a build sy...
Join discussion