One of the benefits of working at Google is that it gives me a chance to work with bright folks on hard problems that are not well appreciated or understood yet.
A great example of that is how cryptography has gone from a thing you bolt on to a product, or one where you let some lower-level "handle it for you", to one where cryptography is built into the system so that its security properties can be verified. https://unmitigatedrisk.com/?p=600
A concrete manifestation of that is Certificate Transparency http://certificate.transparency.dev/ where, over a number of years, we took an ecosystem that was largely operated like the wild west, with a number of unqualified actors, and introduced accountability. #transparency #verifiability
Another example of this is how we worked with the Go team to deploy concepts of Binary Transparency to their package manager to help mitigate supply chain risks - https://unmitigatedrisk.com/?p=636 #supplychain #binary #transparency
Or the great work the team is doing around enabling Firmware Transparency to be accessible to all of the devices we rely on in our increasingly complex world. #firmware #transparency https://github.com/google/trillian-examples/tree/master/binary_transparency
Or how we have made it possible for others to deploy truly end-to-end encrypted messaging while managing the risks of key lookups #key #transparency #e2e https://transparency.dev/application/strengthen-discovery-of-encryption-keys/
I wish I could tell you about all of the other use cases the infrastructure we created has been used for, but I can point you at a site that we put together to explain the broad strokes. https://transparency.dev/h #Transparency #Verifiability #Trust
If you're thinking about applying these concepts to your own systems, you should check out the Exercises here to help frame your thinking about the problem. https://transparency.dev/how-to-design-a-verifiable-system/