I built a system that verifies whether a security decision has been altered.
The idea is simple:
given a decision file and its evidence bundle, the system can independently verify its integrity.
It produces:
- VERIFIED (intact)
- or TAMPERED (modified)
Key characteristics:
- works fully offline (no cloud, no API)
- deterministic (same input always gives the same result)
- no need to trust the original system
Why this matters:
teams can run security scans, but often cannot prove why a decision was made after the fact.
This focuses only on verification and proof.
I created a simple demo:
- run verify
- modify one value
- see it fail
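A minimal sketch of that verify / modify / fail loop, added here as an illustration and not the author's implementation (the post does not describe its mechanism). It assumes SHA-256 over canonical JSON and a trusted seal that the verifier stores separately from the files; all names and sample data are constructed.

```python
import hashlib
import hmac
import json

def canonical(obj) -> bytes:
    # Deterministic bytes: sorted keys, fixed separators, UTF-8.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_record(decision: dict, bundle: dict) -> dict:
    # Bind the decision to a hash of every evidence item.
    return {"decision": decision,
            "evidence": {name: sha256_hex(blob) for name, blob in bundle.items()}}

def seal_of(record: dict) -> str:
    return sha256_hex(canonical(record))

def verify(record: dict, bundle: dict, trusted_seal: str):
    """Return ("VERIFIED" | "TAMPERED", list of reasons)."""
    reasons = []
    if not hmac.compare_digest(seal_of(record), trusted_seal):
        reasons.append("decision record does not match trusted seal")
    listed = record.get("evidence", {})
    for name in sorted(set(listed) | set(bundle)):
        if name not in bundle:
            reasons.append(f"missing evidence: {name}")
        elif name not in listed:
            reasons.append(f"unlisted evidence: {name}")
        elif sha256_hex(bundle[name]) != listed[name]:
            reasons.append(f"evidence changed: {name}")
    return ("TAMPERED" if reasons else "VERIFIED"), reasons

# Constructed sample data (not from the original post).
DECISION = {"id": "dec-001", "verdict": "block", "severity": 9}
BUNDLE = {"scan.json": b'{"finding":"example","score":9}',
          "policy.txt": b"block if score >= 8\n"}

def demo():
    record = make_record(DECISION, BUNDLE)
    seal = seal_of(record)                   # assumed to be kept out of band
    first = verify(record, BUNDLE, seal)     # untouched files
    edited = json.loads(canonical(record))   # deep copy of the record
    edited["decision"]["severity"] = 3       # modify one value
    second = verify(edited, BUNDLE, seal)
    swapped = {**BUNDLE, "scan.json": b'{"finding":"example","score":2}'}
    third = verify(record, swapped, seal)    # evidence edited instead
    return first, second, third
```

The seal only proves anything if it is held somewhere an editor of the files cannot also rewrite; a digital signature over the record is the usual way to remove that storage assumption.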
I'm interested to know:
would something like this be useful in audits, compliance, or incident investigations?
If relevant, feel free to reach out:
mohammed.devsec@gmail.com
