Email the Author
You can use this page to email Sal Kimmich about Code, Chips and Control.
About the Book
Through the lens of the top 100 hacks since 1985, learn cybersecurity through real-world examples of what went wrong to convince us of “best practices”. This is the cybersecurity book for understanding the modern moment of digital defense, and the hacks that made it happen.
From the ghosts of Spectre and Meltdown to the shadowy supply chains behind modern semiconductors, the story of compute infrastructure is full of haunting breaches and spectral vulnerabilities that refuse to rest in peace. This is a book that slows those moments down and shows us how to think about how we build threat models with isolation in mind from hardware to runtime, from data centers to satellites.
We proceed in an order that follows how security threat models work at every level, and which attacks exploited the gaps in those threat models over time. We start with how the world builds chips, and historical hardware-level vulnerabilities. Then we’ll chat about the evolution of security proofs, and unlock the power of zero-trust architecture. Then we look at the politics and time pressure that have affected coordinated disclosure of zero-day events in the past, to see how to improve them for the future. After that? We look at chips that go to the end of the universe and have to be secure and resilient when the most likely adversary is cosmic radiation. It’s a wild ride, join in:
Chapter One: The Origins and Evolution of Semiconductor Technology and Architecture
Chapter Two: Kernels: Architecture, Security and Governance
Chapter Three: The Spectre of Vulnerability
Chapter Four: Embedded Systems in the Devices Around Us
Chapter Five: Disclosure Diplomacy: Vulnerabilities and Security Interests
Chapter Six: The Babylon Tower and Knowing What We Know
Chapter Seven: Hypervisors and the Politics of Virtualisation
Chapter Eight: Chips at the Edge of the Universe
About the Author
Sal Kimmich is a privacy and security subject-matter expert and open-source developer and mentor. They’ve led security-by-design across cloud, HPC, and AI: embedding ISO 27001 practices, OpenSSF methods, and confidential computing into real projects. Their work spans developer advocacy at Sonatype, technical direction at GadflyAI, and a privacy advisory role with OurWorlds. Sal became an open source nerd during their years working with NeuroDebian and bash scripting into supercomputers at the U.S. National Institutes of Health. Current recognitions include UK Top 50 Open Source Contributor (2023), a shortlist for Security Woman of the Year (2024), and avid member of the Stone Club UK.