security-architecture
2 posts
Article
Certified is not secure
Volkswagen blocking GrapheneOS shows what it costs when one attestation flag replaces a real risk decision, and why orchestration beats a longer blocklist.
Article
The Persistent Risk of Static Token Validation in Identity Systems
Azure's static token validation model may introduce risks in dynamic environments due to reliance on past trust assertions rather than real-time verification. This behavior reflects a design trade-off between performance and adaptability, not a confirmed failure.