One of the trending security threats according to OWASP is related to supply chain security, which involves every component that developers use to build applications. In the end, it is important to use high-quality components, produced by trustworthy organizations and constantly maintained to fix security flaws. The problem is that organizations increasingly use open-source code, which does not always have the properties mentioned above, exposing individuals and organizations to security risks. The outstanding question is how organizations can use and trust open-source software. This post will not answer this question, but it takes us back a little into the past, when UEFI replaced BIOS in our computers (2005), giving us a glimpse of how simple concepts can help increase confidence in the software we are executing. ...

Today, I’m happy to open source one of my latest projects: https://github.com/gppmad/passkey-extension. It’s a simple passkey chrome extension that allows you to store and use passkeys. Passkeys and other passwordless mechanisms are undoubtedly the future of authentication, and it’s becoming increasingly important to be transparent about where these credentials are stored and how they are synced across devices. That’s why I decided to create a small Chrome extension that fully implements the Web Authentication Level 2 specification (https://www.w3.org/TR/webauthn-2/), with a focus on passkey information exchange. ...

Hi Guys, I am Giuseppe and I am passionate about technology. I thought it would be great to share my thoughts and experiences through this blog. Looking forward to share with you my journey!