Publications
Building cryptographic agility into Sigstore
We collaborated with the Sigstore community to build cryptographic agility into the software signing ecosystem, enabling organizations to use different signing algorithms while maintaining security through predefined algorithm suites and out-of-band configuration rather than dangerous in-band signaling.
Codex (and GPT-4) can’t beat humans on smart contract audits
Is artificial intelligence (AI) capable of powering software security audits? Over the last four months, we piloted a project called Toucan to find out. Toucan was intended to integrate OpenAI’s Codex into our Solidity auditing workflow. This experiment went far […]