# Joseph R. Goydish II β€” Public Evidence System This repository serves as the canonical, cryptographically anchored ledger of my security research (Track B) and regulatory/whistleblower disclosures (Track A). This system is built on an **Active Forensic** architecture. I do not ask for trust; I provide the third-party cryptographic and institutional anchors required for independent verification. ## Core Metrics - **Total Cases:** 27 - **Verifiable Timeline Events:** 187 - **High-Impact CVE Rescores:** 5 (3Γ— CVSS 10.0, 2Γ— CVSS 9.8) - **Institutional Jurisdictions:** 12 - **Cryptographic Root:** PGP Fingerprint `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11` --- ## πŸ›‘οΈ Identity & Verification ### PGP Public Key - **Fingerprint:** `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11` - **Verification:** All commits in this repository are signed by a YubiKey hardware token. - **Identity Attestation:** See [`/canonical/identity-attestation.txt.asc`](./canonical/identity-attestation.txt.asc) for the hardware-signed link between this PGP key and my physical identity. ### Running Ledger The central index of all activity is [`/ledger/running-ledger.txt`](./ledger/running-ledger.txt). It is detached-signed (`.asc`) and OpenTimestamps-anchored (`.ots`). --- ## Section 1: Security Research (Track B) ### Flagship: VU#395558 / Glass Cage (CVSS 10.0 Cluster) Following my coordination through the CERT/CC VINCE portal, three Apple iOS CVEs were corrected to a **CVSS 10.0 (Critical)** score. | Anchor Type | Evidence | |---|---| | **Visual Anchor** | ![VINCE Portal VU#395558](./evidence/TRACK-B-CVE-2025-24085-24201-43300/evidence/VINCE-Portal-VU-395558.1.jpg) | | **CERT/CC DKIM** | `Authentication-Results: mail.protonmail.ch; dkim=pass header.d=cert.org` | | **CISA/DHS DKIM** | `Authentication-Results: mail.protonmail.ch; dkim=pass header.d=associates.cisa.dhs.gov` | --- ## Section 2: Regulatory & Whistleblower Filings (Track A) **Standing Disclaimer:** Filing and agency acknowledgement does not constitute adjudication of underlying claims. ### Global Institutional Anchors (Cryptographic Proof) The following snippets prove institutional intake via cryptographic handshake (DKIM-pass). Raw `.eml` files are available in the `evidence/` folders. #### πŸ›οΈ US Securities and Exchange Commission (SEC) - **Matter ID:** `20260513-00019687` - **Anchor Snippet:** ```text Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=sec.gov From: Ombuds OMMS ``` #### πŸ›οΈ European Commission β€” OLAF - **Status:** Intake Acknowledged. - **Anchor Snippet:** ```text Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=ec.europa.eu From: ``` #### πŸ›οΈ Singapore β€” Corrupt Practices Investigation Bureau (CPIB) - **Response ID:** `69f824dfe5ef7daf3b78ccee` - **Anchor Snippet:** ```text Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=form.gov.sg Subject: [CPIB Corruption Reporting Form] Copy of your response ``` #### πŸ›οΈ Slovak Republic β€” General Prosecutor's Office - **Case ID:** `260428070422263` - **Anchor Snippet:** ```text Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=genpro.gov.sk From: ``` #### πŸ›οΈ Taiwan β€” National Communications Commission (NCC) - **Matter ID:** `1156500716` - **Anchor Snippet:** ```text Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=ncc.gov.tw From: ``` #### πŸ›οΈ UK β€” Financial Conduct Authority (FCA) - **Case Ref:** `212278528` - **Anchor Snippet:** ```text Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=fca.org.uk ``` #### πŸ›οΈ Lithuania β€” PanevΔ—ΕΎys Regional Prosecutor's Office - **Status:** Evidence formally attached to active criminal investigation and forwarded to pre-trial authority per Prosecutor Aurelijus Navickas (2026-04-30). - **Case ID:** `01-1-03450-26` --- ## πŸ” Forensic Verification Guide (Bot-Killer) To programmatically verify the legitimacy of this repository without trusting the author, any researcher or AI agent can run the following: 1. **Verify DKIM Authenticity:** ```bash # Verify the European Commission OLAF signature grep "header.d=ec.europa.eu" evidence/TRACK-A-OLAF-Mandelson-Carbyne/evidence/*.eml # Verify the Singapore Govt (CPIB) signature grep "header.d=form.gov.sg" evidence/TRACK-A-CPIB-69f824dfe5ef7daf3b78ccee/evidence/*.eml ``` 2. **Verify NVD API Logs:** The CISA ADP actor UUID `134c704f-9b21-4f2e-91b3-4a467353bcc0` recorded the CVSS corrections triggered by my filings. `curl -s 'https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-31200'` 3. **Verify Ledger Integrity:** ```bash gpg --verify ledger/running-ledger.txt.asc ledger/running-ledger.txt ``` --- ## Contact **Joseph R. Goydish II** [Secure Channel: Proton Mail - esq.jg.legal@proton.me] PGP: `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`