ktamarapalli.hashnode.dev

The Attack Cost Escalation Model: Why Physical Security Changes Adversary Economics
Forcing Digital Supply-Chain Attacks Into the Physical World
Introduction: Security Is Economics, Not Perfection. Security architecture does not eliminate attacks. It reshapes the economics of attackin
3h ago · 5 min read

Wrapping Sigstore, in-toto, and SLSA: Where Modern Supply-Chain Security Still Fails
Why Provenance Without Intent Is Not Enough
Introduction: The Rise of Supply-Chain Frameworks. Sigstore, in-toto, and SLSA represent real progress in supply-chain security. They provide: Artifact sig
6d ago · 3 min read

Merkle Manifests: Why Build Servers Lie (How to Cryptographically Prove It)
Verifying CI/CD Artifacts Against Human-Signed Source Trees
Introduction: The Build Server Is Not a Source of Truth. Most CI/CD security models assume the build server is honest. This is a dangerous assumption. SolarWinds demonstrated that a build sy...
Feb 28 · 4 min read

Risk-Adaptive Friction: Designing Human-Aware Security Controls in CI/CD
Why All Approvals Should Not Cost the Same
Introduction: The Click-Through Syndrome. Security teams often believe friction equals security. In practice, static friction leads to automation and fatigue. When engineers approve deployments dozens of tim...
Feb 21 · 3 min read

The Forensic Black Box: Why Logs That Can Be Deleted Are Security Theater
Designing Immutable Audit Trails for CI/CD in Hostile Environments
Introduction: The Illusion of Observability. Most security teams believe they have “logs.” In reality, most organizations have rumors of past events stored in databases that attackers...
Feb 14 · 4 min read