All Posts

  • Narf is looking to hire an intern (Spring 2024 or Summer 2024) for a Department of Energy project where we are designing efficient hardware-level packet processors (in both SDN and FPGA forms) to detect syntactic and semantic anomalies in SCADA traffic.
  • Tools for assessing the security of the software supply chain largely lack metrics related to software maintenance patterns and quality. Instead, current solutions focus on checking a manifest of packages against known vulnerabilities in their code. Such solutions do not account for the status of maintainers or the integrity, liveness, or health of the processes that produce that code. This article discusses how the recent archival of the ipmitool project illustrates the main difficulties in perceiving this status. Having tools that observe and model such information can help inform decisions about the trustworthiness of open source software and dependencies beyond the presence of known bugs and vulnerabilities.