No Way JOSE! Designing Cryptography Features for Mere Mortals – Scott Arciszewski

Abstract

The past three years of vulnerability research and cryptanalysis have not been kind to the JOSE family of Internet standards (most commonly known as JSON Web Tokens, a.k.a. JWT). This has led many security experts to declare boldly, “Don’t use JWT!” but has left many developers in want of a viable alternative. Scott went a step further and designed a safer alternative: PASETO (Platform-Agnostic SEcurity TOkens), which is currently implemented in 10 programming languages.

Bio

Scott Arciszewski specializes in security, and not just compliance either. His passion is to encourage companies to get reasonable protection against data breaches. This is why he cofounded Paragon Initiative Enterprises.

Scott has over 15 years of software development, system administration, and, of course, application security under his belt. He has a passion for Open Source software and believes no one should be limited by the diversity or quality of their software.

When he’s not solving security problems, you can find Scott writing on his company blog, contributing secure code snippets to Stack Overflow, attending security conferences, and educating people about security on Twitter.