https://nesbitt.io/2026/06/05/install-script-allowlists.html · 5 Jun 2026
A survey of install-script allowlist mechanisms across package managers and language ecosystems.
https://nesbitt.io/2026/06/04/gittuf-a-signed-log-for-git-refs.html · 4 Jun 2026
Branch protection is a row in someone else's database
https://nesbitt.io/2026/06/03/skills-registry-threat-models.html · 3 Jun 2026
How long until we see a CVE filed against a markdown file?
https://sensemaker.computer/the-agent-control-plane-gets-real · 2 Jun 2026
Two prompt-injection incidents show why agent security is about permission boundaries, not better instructions.
https://nesbitt.io/2026/06/01/the-infosec-phrasebook.html · 1 Jun 2026
a/s/l/threat model?
https://nesbitt.io/2026/05/29/composer-dependency-policies.html · 29 May 2026
uBlock Origin for composer install
https://nesbitt.io/2026/05/28/protestware-for-coding-agents.html · 28 May 2026
printMessageForCodingAgents()
https://quasigod.xyz/blog/webview-hijacking-via-plaintext-mitm · 26 May 2026
Stealing user logins by hijacking a vulnerable webview implementation in a mobile app
https://til.iainsimmons.com/posts/cloudflare-for-families-dns-resolver-and-miscategorisation · 26 May 2026
today iain learned: How to report a miscategorisation of a site/domain in the Cloudflare for Families DNS resolver service.
https://nesbitt.io/2026/05/25/github-actions-security-in-python-packages.html · 25 May 2026
Thank you Dr. Zizmor