Secure All Software

Home
Notes
Website
Archive
About
Burn your API keys!
Looking at API keys as a threat to your companies existence opens up the idea of using application identities and create temporary credentials based on…
  
Andreas Tiefenthaler
Open Source Security
Innovation and risk lie in the vast landscape of open-source software (OSS).
  
Andreas Tiefenthaler
You are doing it wrong! Kubernetes Image Tags
9 out of 10 deployments are doing it wrong, can you guess why?
  
Andreas Tiefenthaler
Are we loosing at dependencies?
How did we get into this complex mess?
  
Andreas Tiefenthaler
Gone Phishing
There is always a new way to phish people and cause damage. Developers and DevOps Engineers are more targeted than ever. Sometimes it comes as the wolf…
  
Andreas Tiefenthaler
Supply-chains, Lockfiles and Rants
Supply chain attacks are in all news (at least in mine). These kind of attacks happen in plain sight and use available infrastructure to do harm.
  
Andreas Tiefenthaler
Kubernetes Fort Knox
Your Arsenal Against Modern Cyber Threats
  
Andreas Tiefenthaler
Are Software and DevOps engineers becoming dumber?
I recently saw a (on purpose) controversial post on Linkedin titled “Are Software engineers becoming dumber?” The idea was that 20 years ago, we didn’t…
  
Andreas Tiefenthaler
Secure All Software - Who owns security? Issue #14
Is it me or is it you?
  
Andreas Tiefenthaler
Solving CI/CD Bottlenecks - Some Practical Tips
Tired of waiting for computers to do their stuff?
  
Andreas Tiefenthaler
Secure All Software [#14] - Signing Containers
Container image tags are overly trusted and rarely validated. Cryptographic signing is available. Here are a few ways to do it.
  
Andreas Tiefenthaler
Security for Engineering Leaders (on a budget)
Software startups often operate on tight budgets, making low or no-cost security measures particularly appealing.
  
Andreas Tiefenthaler
© 2025 Substack Inc
PrivacyTermsCollection notice
Start writingGet the app
Substack is the home for great culture