Security Boulevard

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload ...
Security Boulevard

SPIFFE vs. OAuth: Access Control for Nonhuman Identities

SPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on ...
CSOonline

Failure to verify OAuth tokens enables account takeover on websites

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...
Ars Technica

OAuth and OAuth WRAP: defeating the password anti-pattern

The developers behind the OAuth protocol have developed a new variant called OAuth WRAP that is simpler and easier to implement. It’s a stop-gap solution that will enable broader OAuth adoption while ...
Bleeping Computer

OAuth risks: How to identify, investigate, and mitigate them

We’re now all too familiar with the ubiquitous “Sign in with Google” button we encounter all over the internet. For most of us, it has become the go-to “easy button” for managing the sprawling set of ...