docs/02_2_Managing_Claims_Elision.md
Lines changed: 6 additions & 5 deletions
@@ -24,6 +24,8 @@ Supporting objectives include the ability to:
24
24
25
25
## Amira's Story: Every Claim Narrows the Field
26
26
27
+
Based on the revelation of Amira's work for the Galaxy Project, Ben feels good enough about BRadvoc8 that he puts her in contact with his volunteer security programmer, DevReviewer. However, DevReviewer wants more than just that single PR before putting Amira to work: can BRadvoc8 show that they have security experience?
28
+
27
29
Amira did cryptographic audit work for a fintech startup in 2023-2024. She reviewed authentication implementations, found vulnerabilities, and helped to fix them. It's valuable experience that would strengthen her credibility for security work. But "crypto auditor" is a rare skill. How many people worldwide have done professional cryptographic audits? Maybe a few thousand. Combine that with other public claims, which might include that she's a Galaxy Project contributor, is privacy-focused, and speaks Portuguese, and the intersection might describe only a handful of people.
28
30
29
31
This is correlation risk. Each claim by itself might be safe. Combined, they create a fingerprint.
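Review bot: The added paragraph is inconsistent about the pronoun for the pseudonymous identity: "Ben feels good enough about BRadvoc8 that he puts her in contact" uses "her", while the closing question "can BRadvoc8 show that they have security experience?" uses "they". Because this section is about how each revealed attribute narrows the field, suggest using "they" (or just the name BRadvoc8) wherever the text speaks from Ben's or DevReviewer's point of view, and reserving "her" for sentences about Amira in the narrator's voice.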
Amira set up her audit commitment when she created her BRadvoc8
188
-
identity, so that she could work with Ben. But the whole point of
190
+
identity. But the whole point of
189
191
commitments is that they sit around, gaining trust as they do, and
190
-
tend to be revealed later. That's the case here. Six months later,
191
-
Amira has approached DevReviewer for a security collaboration.
192
+
tend to be revealed later. That's the case here. Now, a bit after
193
+
creating the BRadvoc8 identity, Amira is talking to DevReviewer about doing work for Ben on SisterSpaces.
192
194
193
195
### Step 5: Highlight the Commitment
194
196
195
-
DevReviewer has seen Amir'as public attestation (about the Galaxy
196
-
Project) but want to know about her security audit experience. Amira
197
+
Ben has forward Amira's public attestations to DevReviewer, and they've checked their freshness and verified the Galaxy PR, just like Ben did. But now, DevReviewer needs additional credentials before setting Amira lose on security work for the project. Amira
197
198
mentions that she has relevant experience but couldn't share details
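Review bot: The added Step 5 sentence has two typos: "Ben has forward Amira's public attestations" should read "has forwarded", and "setting Amira lose on security work" should read "loose". In the same sentence, "they've checked their freshness" leaves it unclear whether "they" means DevReviewer alone or Ben and DevReviewer together. Earlier in this hunk, replacing "Six months later" with "Now, a bit after creating the BRadvoc8 identity" sits awkwardly next to the unchanged context line saying commitments "sit around, gaining trust as they do"; consider stating roughly how much time has passed, or rewording that context line so the two agree.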