JARRED CARTER
SECURITY ENGINEER • FITNESS INSTRUCTOR • MODEL

Security Analyst

The Open Law Platform empowers people to focus on high-value tasks, auto-updates the legal code as laws become effective, and improves how people connect with citizens. Draft, codify, and publish better laws without onerous copyright restrictions and reduce repetitive tasks in the process.


Security Documentation Automation Verification
Open Law Library Codify
Playbook

The Problem

Public law infrastructure has a trust problem: when governments publish legal documents online, there's no guarantee that the content hasn't been altered, whether by bad actors, accidental overwrites, or repository changes. Open Law Library's TAF (The Archive Framework) adds a Python-based layer over TUF (The Update Framework) to cryptographically authenticate law repositories hosted on GitHub.

The challenge was that engineering and operations teams weren't consistently using the security tooling, and the vulnerability management process lacked the structure needed to catch and remediate issues before they reached production. This put the integrity of law served to 40,000+ users at risk.

What's Included

  • Documentation and reporting workflows designed to drive adoption of security tooling across engineering and operations teams
  • Operational security tooling maintenance ensuring continuous verification of code commits on public law hosting infrastructure
  • Vulnerability triage and remediation tracking aligned to internal SLAs
  • Risk assessment reporting built from aggregated vulnerability and system data across application and infrastructure environments

Impact

Supported security operations for a platform serving 40,000+ users where the stakes are unusually high: the content being protected is public law, and any undetected tampering would undermine civic trust in legal information. By improving documentation workflows and tightening the vulnerability management process, engineering teams gained clearer remediation paths and faster turnaround on findings, directly supporting the integrity of authenticated law repositories used by government partners including the City of San Mateo.

Technical Stack

  • Python: primary language for TAF development and tooling contributions
  • TAF (The Archive Framework): Python-based framework built on top of TUF for authenticating
  • TUF (The Update Framework): underlying cryptographic signing and metadata validation standard
  • GitHub: repository hosting for both law content (XML, HTML, PDF) and authentication metadata
  • Shell: command-line interface options developed to extend TAF's usability and updater functionality
