Adam Shostack on Nostr: Now that github is mandating that I add 2FA to "secure the supply chain", is there a ...
Now that github is mandating that I add 2FA to "secure the supply chain", is there a standard way to say "I am not part of your supply chain"?
Seriously, the code I write is barely fit for purpose. I use github to make available things like Elevation of Privilege, have a place where the Four Question Framework for threat modeling can evolve in a constrained way, and to report bugs.
I've also posted some code that Claude wrote, with an explicit security warning.
(https://gist.github.com/adamshostack/ca17e69e3145f11d20c871a4a186be51)
No one should use any of that code.
Published at 2024-11-10 20:17:06

Event JSON
{
"id": "1eb91b995acff47b24e2c96b1a6f4705d84f80c688a88eabf30b3f98d9e47bef",
"pubkey": "42374285b0d23b2131dae4ec785e07ce3dbce6301e1d2c8cfbfc041b1faee0ca",
"created_at": 1731269826,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/adamshostack/statuses/113460499365951584",
"activitypub"
]
],
"content": "Now that github is mandating that I add 2FA to \"secure the supply chain\", is there a standard way to say \"I am not part of your supply chain\"?\n\nSeriously, the code I write is barely fit for purpose. I use github to make available things like Elevation of Privilege, have a place where the Four Question Framework for threat modeling can evolve in a constrained way, and to report bugs. \n\nI've also posted some code that Claude wrote, with an explicit security warning.\n(https://gist.github.com/adamshostack/ca17e69e3145f11d20c871a4a186be51) \n\nNo one should use any of that code.",
"sig": "c3f33c06c76df69db6da4cb52933d3987b9ec77b1847f2d22f51769ba0fe3005ffd1601b2265e81491211b429aa25a3a89a16e7b448f7840bd8cd0c3995c0247"
}