security

Every Dependency Is a Decision You Didn't Make

Your lockfile is hundreds of trust relationships nobody negotiated. The highest-profile supply chain attacks of the last decade exploited trust, not code — and no scanner caught any of them in time.

Post-Quantum Cryptography: A Practical Primer

The standards are final, the migration clocks are ticking, and your TLS traffic is probably already using post-quantum key exchange. Here's what the algorithms actually do, what's deployed, and what you should do about it.