@RSAConference @getBastionZero This was such a great moment for our team @getBastionZero! Here's the video of my 3-min pitch about BastionZero, which placed 2nd amongst hundreds of startups at the #RSAC 2022 innovation sandbox. https://t.co/nOKg5soE58

New blog post from me!

This reaction. 💙 Alisa Efimova & Misha Mitrofanov end their free skate and receive a standing ovation from the Boston crowd. #WorldFigure 📺 USA Network

They are missed 🕊️

It's live! 🎉

SQL injection, sadly still relevant in 2024. It's the topic of "Lecture 2" of my "Intro to Infosec" course at @BUCompSci today (and has been for the last 10 years).

Congratulations to @goldbe and the BastionZero team!

Excited to share that @Cloudflare has acquired @getBastionZero, expanding the scope of Cloudflare’s VPN replacement solution beyond apps and networks to infrastructure. Welcome to the team!

Congratulations to @getBastionZero and @Cloudflare, as they join forces to help more IT and security teams provide zero-trust access to their servers and other infrastructure! We tip our hats to @goldbe and @Ethan_Heilman, the incredible co-founders of BastionZero. 👏

With immense gratitude and excitement, I’m thrilled to announce that BastionZero is now part of Cloudflare! This is an incredible opportunity to take our tech to the the next level as we deeply integrate into the world’s largest SASE network. Watch this space!

.@getBastionZero CEO @goldbe is teaming up with Cisco's @rlbarnes to solve a problem relevant to the #OpenPubkey community. Check out the blog below to learn more about their vision for Proof of Issuer Key Authority (PIKA).

Our CEO @goldbe and @rlbarnes from Cisco are excited to introduce PIKA: Proof of Issuer Key Authority to solve a problem relevant to #OpenPubkey #oidc and JWT (JSON Web Tokens). Learn more in our latest blog: https://t.co/uvFKJFda15

I really like this new blog explaining how to generalize #openpubkey to any Identity Provider.

"Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. "

Monster release from our #OpenPubkey team!

v0.3.0 release of OpenPubkey is out. Thanks to everyone who contributed, this is probably the biggest release we've ever done. https://t.co/VH1Cby1T5y

@ietf We're still digesting all the different ways that PIKAs can be used to improve the security of OIDC, SSO or software supply chain security applications. Please get in touch if you have any feedback on our new @ietf draft! https://t.co/r4KglgXCNj

@ietf PIKAs also allow verification of JWTs, ID Tokens and other OIDC tokens without querying the OP directly. Use PIKAs to reduce the load on a OP, or to build software #supplychain applications that need historical information about OP keys.

In this new @ietf draft, we introduce the PIKA and show how it can be combined with a timestamping authority to allow #OpenPubkey PK Tokens to be used even after the OP rotates it signing key. https://t.co/HTcC7vIwTt

This is where the PIKA comes in. A PIKA is a secure object that allows you to cache an OP's key, and verify using the OP's key even if the OP is offline.

OpenPubkey uses PK Tokens to allow an OpenID Provider (OP) to bind user identities to user-held public keys. Tokens are signed by the OP's signing keys. But, OP's rotate their signing keys over time. What happens if we need to use a PK Token *after* the OP rotates signing key?