Going deeper into layer zero: must-know for the cyber industry insiders
Several months ago, I proposed a concept that helps explain how our industry works and what the prerequisites are for a startup to become a billion-dollar company. I called this concept “layer zero” because it is the foundation upon which everything else gets built. That article got a fantastic response and I’ve had tens of people reach out with comments and questions about it. Today, I am sharing a few additional perspectives that build on the original idea and make the picture around layer zero much clearer. A lot of the thoughts here are an outcome of a few back-and-forth messages I had with Bill Phelps after the original article came out (Bill brought some really great points that informed my own thinking and this piece). Thanks, Bill!
First, a quick recap
For those of you who didn’t read the original piece, I highly recommend checking it out because it provides a broad overview of the idea foundational to this article. For those who did but need a quick refresher, here’s how I explained it: “…The entities best positioned to deliver real security are the ones building the core technologies. A cloud provider is logically in the best place to solve cloud security; an operating system vendor is closest to solve endpoint security; an email provider sees everything that flows through their infrastructure so they should be in the best position to solve email security; an identity provider already governs user access so they should be able to take care of identity threat detection and response effectively. These foundational providers own the systems that define how security boundaries are created, how access is enforced, and how data flows, so they have the ability to bake security in. It is these providers that I ...
This excerpt is provided for preview purposes. Full article content is available on the original publication.