Security
We Scanned 300 npm and PyPI Packages for Supply Chain Attacks Without Executing a Single Line of Code
We indexed 300 popular packages with knowing's code graph, computed isolation scores from each package's credential-access and process-spawning patterns, and achieved a 1.0% false positive rate across both the initial 200 packages and a held-out set of 100. No sandbox. No execution. No heuristics. Just graph structure.
Kubernetes Secrets: Should Your Cluster Store Secrets or Just Access Them?
Kubernetes Secrets are simple and often sufficient. But at scale, some teams separate the cluster that runs workloads from the system that stores their secrets. Understanding the trade-offs: etcd vs cloud vaults, cluster RBAC vs cloud IAM, sync patterns vs runtime access, and when each pattern makes sense.
You Don't Know JSON: Part 7 - Security: Authentication, Signatures, and Attacks
JSON has no built-in security. The ecosystem response: JWT for authentication, JWS for signing, JWE for encryption. Learn how these work, common attacks (algorithm confusion, injection, timing), and how to secure JSON-based systems.
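The algorithm-confusion and timing attacks named in that summary come down to one mistake: a verifier that trusts the token's own `alg` header and compares signatures with ordinary equality. The following is an added example written for this listing, not code from the article or from any JWT library; it implements a minimal HS256 JWT signer, a forged `alg: none` token, a deliberately vulnerable verifier, and a hardened verifier that pins the expected algorithm and uses a constant-time comparison. The key and payloads are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def b64url_encode(data: bytes) -> str:
    """JWT-style base64url without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    """Inverse of b64url_encode; restores the padding the encoder stripped."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _encode_json(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue a genuine HS256 token: header.payload.HMAC-SHA256(header.payload)."""
    signing_input = f"{_encode_json({'alg': 'HS256', 'typ': 'JWT'})}.{_encode_json(payload)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def forge_alg_none(payload: dict) -> str:
    """Attacker-side: no key needed, just claim alg=none and leave the signature empty."""
    return f"{_encode_json({'alg': 'none', 'typ': 'JWT'})}.{_encode_json(payload)}."


def verify_vulnerable(token: str, key: bytes) -> Optional[dict]:
    """Algorithm-confusion bug: the token chooses how it is verified.

    Also compares signatures with ==, which is not constant time.
    """
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
    except ValueError:
        return None
    if header.get("alg") == "none":            # attacker-controlled branch
        return json.loads(b64url_decode(p))
    if header.get("alg") == "HS256":
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if b64url_decode(s) == expected:       # timing-leaky comparison
            return json.loads(b64url_decode(p))
    return None


def verify_hardened(token: str, key: bytes, expected_alg: str = "HS256") -> Optional[dict]:
    """The verifier, not the token, decides the algorithm; signature compare is constant time."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    try:
        header = json.loads(b64url_decode(h))
        sig = b64url_decode(s)
    except ValueError:
        return None
    if header.get("alg") != expected_alg:      # reject none, RS256, anything unexpected
        return None
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(b64url_decode(p))


if __name__ == "__main__":
    key = b"constructed-demo-key"                      # constructed for the example
    good = sign_hs256({"sub": "alice", "admin": False}, key)
    forged = forge_alg_none({"sub": "alice", "admin": True})
    print("vulnerable accepts forged token:", verify_vulnerable(forged, key))
    print("hardened accepts forged token:  ", verify_hardened(forged, key))
    print("hardened accepts genuine token: ", verify_hardened(good, key))
```

Real deployments should hand this to a maintained JWT library and pass it an explicit allow-list of algorithms; the point of the hand-rolled version is to make visible which line the attacker controls.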