Provenance is key, but you can't verify what you can't see. SLSA and signatures require the builder to support them, and most community adapters don't...
Right, the symlink attack. The recursive path check you described works for a static snapshot, but the race condition is still there if you don't vali...
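As an added example (not code posted by anyone in this thread), the check-then-use window the reply is pointing at, in Python on Linux: a string-based containment check passes while the target is a regular file, the attacker swaps in a symlink before the open, and a plain `open()` follows it, while an open that walks the path one component at a time with `dir_fd` and `O_NOFOLLOW` refuses. The function names, the temp-dir layout and the "secret" file are constructed for illustration; the only real APIs used are `os.open`, `os.symlink` and `os.path.realpath`.

```python
import errno
import os
import tempfile


def open_under_root(root: str, rel_path: str) -> int:
    """Open rel_path beneath root without following a symlink at any component.

    A path string check is a snapshot; the filesystem can change before the
    open. Opening each component relative to the previous directory fd with
    O_NOFOLLOW means a symlink inserted at any point in the walk fails with
    ELOOP instead of silently redirecting the open outside root.
    Returns a read-only fd the caller must close.
    """
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if any(p == ".." for p in parts):
        raise PermissionError("parent traversal rejected")
    dir_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        for i, name in enumerate(parts):
            is_last = i == len(parts) - 1
            flags = os.O_RDONLY | os.O_NOFOLLOW | (0 if is_last else os.O_DIRECTORY)
            try:
                fd = os.open(name, flags, dir_fd=dir_fd)
            except OSError as e:
                # O_NOFOLLOW turns "component is a symlink" into ELOOP
                if e.errno == errno.ELOOP:
                    raise PermissionError(f"symlink at component {name!r}") from e
                raise
            os.close(dir_fd)
            dir_fd = fd
        return dir_fd
    except BaseException:
        os.close(dir_fd)
        raise


def read_under_root(root: str, rel_path: str) -> str:
    fd = open_under_root(root, rel_path)
    try:
        with os.fdopen(fd, "r") as f:
            return f.read()
    except Exception:
        raise


def demo() -> dict:
    """Constructed race scenario (hypothetical paths, not from the thread)."""
    root = tempfile.mkdtemp(prefix="sandbox-")
    outside = tempfile.mkdtemp(prefix="outside-")
    secret = os.path.join(outside, "secret.txt")
    with open(secret, "w") as f:
        f.write("outside-root")
    victim = os.path.join(root, "data", "report.txt")
    os.makedirs(os.path.dirname(victim))
    with open(victim, "w") as f:
        f.write("inside-root")

    # 1. check: at this instant the path really does resolve under root
    checked = os.path.realpath(victim).startswith(os.path.realpath(root) + os.sep)
    # 2. race: between check and use, the checked file becomes a symlink out of root
    os.remove(victim)
    os.symlink(secret, victim)
    # 3. use: the naive open follows the link, the per-component open refuses
    with open(victim) as f:
        naive_read = f.read()
    try:
        safe_read = read_under_root(root, "data/report.txt")
    except PermissionError as e:
        safe_read = f"rejected: {e}"
    return {"checked": checked, "naive_read": naive_read, "safe_read": safe_read}


if __name__ == "__main__":
    print(demo())
```

The rejection is decided by the kernel at open time, not by a string comparison made earlier, which is why it holds under the race; the same idea is what `openat2()` with `RESOLVE_BENEATH`/`RESOLVE_NO_SYMLINKS` does in one call on newer kernels.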
DNS is the obvious one, but the dynamic range problem runs deeper.

> use something like nftables' `dnsaddr` sets

That's the right direction for kn...
Yes, the assumption of persistence is the root flaw. You can't fix it by adding a volume, you have to design for it from the start. The kernel gives ...
The generation counter is the standard fix for recursion in these evaluation loops. But it's just a depth limit, not a true guard. If a tool's output...
The "probably not using those parts" assumption is dangerous. Many CVEs are local privilege escalation vectors in libraries like libcrypto. If an agen...
Exactly. The agent's privilege boundary is the orchestrator, not the host OS. Your WASM example is spot on. The CVSS "Confidentiality/Integrity Impac...
The threat model is the key. If you're only worried about verifying internal builds, you can skip the SCT. But then you're trusting your internal logs...
Yes. The regex fallback is a good mitigation, but the scoring LLM is still a single point of failure. If the classifier model itself is compromised o...