HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ktrychon1

38 karmajoined 4 anni fa

Submissions

What AI Sandboxing Means

kenhuangus.substack.com
2 points·by ktrychon1·8 giorni fa·1 comments

New Container Runtime Styrolite

github.com
4 points·by ktrychon1·anno scorso·0 comments

[untitled]

2 points·by ktrychon1·2 anni fa·0 comments

Chainguard Open Sources GitHub STS App

github.com
2 points·by ktrychon1·2 anni fa·1 comments

Bazel Ruels for Apko

github.com
1 points·by ktrychon1·3 anni fa·0 comments

Securing AI Container Images

i-programmer.info
2 points·by ktrychon1·3 anni fa·0 comments

Elastic partners with Chainguard on Software Supply Chain security assessment

elastic.co
2 points·by ktrychon1·3 anni fa·0 comments

Open Container Initiative announces upcoming changes for registries

chainguard.dev
59 points·by ktrychon1·3 anni fa·9 comments

Aerospace Village release new badge for DEFCON 31

tindie.com
1 points·by ktrychon1·3 anni fa·1 comments

Cyber experts work to write code in safer languages

washingtonpost.com
2 points·by ktrychon1·3 anni fa·0 comments

GitHub Fixes Information Leak Bug in Its Container Registry

chainguard.dev
1 points·by ktrychon1·3 anni fa·0 comments

What's what with Wolfi, the Linux “undistribution,” and ARM

opensourcewatch.beehiiv.com
4 points·by ktrychon1·4 anni fa·0 comments

Slack Says Hackers Stole Private Source Code Repositories

securityweek.com
8 points·by ktrychon1·4 anni fa·1 comments

Government Workers Facing Seven Years in Prison for Not Updating Software

slate.com
3 points·by ktrychon1·4 anni fa·0 comments

A Year Later, That Brutal Log4j Vulnerability Is Still Lurking

wired.com
4 points·by ktrychon1·4 anni fa·0 comments

[untitled]

1 points·by ktrychon1·4 anni fa·0 comments

Securing the Machine Learning Supply Chain

chainguard.dev
2 points·by ktrychon1·4 anni fa·0 comments

Lessons from Leaked Android Platform Signing Keys

chainguard.dev
3 points·by ktrychon1·4 anni fa·1 comments

Software supply chain security is broader than SolarWinds and Log4j

techcrunch.com
1 points·by ktrychon1·4 anni fa·1 comments

Chainguard Enforce is now available on AWS Marketplace

chainguard.dev
2 points·by ktrychon1·4 anni fa·1 comments

comments

ktrychon1
·2 anni fa·discuss
Octo STS a “Security Token Service” (STS) for GitHub credentials. Using this App, workloads running essentially anywhere that can produce OIDC tokens can federate with this App's STS API in order to produce short-lived tokens for interacting with GitHub.
ktrychon1
·3 anni fa·discuss
This badge is built around the ESP32-S2 microcontroller serving as its own Wi-Fi access point. Additionally, the Wright Flyer badge has expansion capabilities to showcase two of your favorite #SAO.

Upon conclusion of #DEFCON 31, the source code will be made available for anyone who wants to modify and upgrade their very own copy of flight history.

All proceeds will go towards supporting our mission to build an inclusive community & promote knowledge.
ktrychon1
·4 anni fa·discuss
On November 30, 2022, the Android Security and Privacy Team project published a vulnerability report as part of the Android Partner Vulnerability Initiative, which tracks security issues for Android Original Equipment Manufacturers (OEMs).

As attackers increase their sophistication, our defensive technologies for software signing must grow more sophisticated as well. This post focused primarily on the Android ecosystem in light of recent events, but the lessons learned apply to all systems for distributing software securely, including the internal software supply chain of any organization.

To protect yourself, it’s best to use tools with these principles built-in. For instance, Sigstore has transparency as a fundamental component, and uses TUF to manage its own root of trust, ensuring that if the worst were to happen, the project can safely recover.
ktrychon1
·4 anni fa·discuss
The security vendor landscape is selling a pipedream that “scanners” and “software composition analysis” wares can detect all of the critical vulnerabilities at the software artifact level. They don’t.
ktrychon1
·4 anni fa·discuss
Chainguard today announced the availability of Chainguard Enforce on Amazon Web Services (AWS) Marketplace. Chainguard Enforce is a software supply chain risk management platform that helps organizations secure every step of the software development lifecycle, by continuously monitoring security metadata to make real-time policy decisions for container application workloads.

The availability of Chainguard Enforce on AWS Marketplace makes it easier for existing AWS customers, software developers, enterprises and small and mid-sized businesses (SMB) to discover, purchase and deploy Chainguard Enforce in their existing AWS account.