HackerTrans
トップ新着トレンドコメント過去質問紹介求人

livealight

no profile record

投稿

State of the Software Supply Chain (2024)

sonatype.com
1 ポイント·投稿者 livealight·2 年前·0 コメント

Show HN: Kuvastin – An E Ink art piece that displays AI art from Google cal

turunen.dev
5 ポイント·投稿者 livealight·3 年前·2 コメント

The Cyber Resilience Act Threatens the Future of Open Source

devops.com
4 ポイント·投稿者 livealight·3 年前·0 コメント

BOM Doctor: Visualise and Patch Java SBOMS

bomdoctor.sonatype.com
1 ポイント·投稿者 livealight·3 年前·0 コメント

8th State of the Software Supply Chain Report

sonatype.com
1 ポイント·投稿者 livealight·4 年前·0 コメント

Check your gems: RubyGems fixes unauthorized package takeover bug

bleepingcomputer.com
2 ポイント·投稿者 livealight·4 年前·0 コメント

[untitled]

1 ポイント·投稿者 livealight·4 年前·0 コメント

PyPI, NuGet, NPM Flooded with Roblox and Fortnite Spam: Why?

blog.sonatype.com
2 ポイント·投稿者 livealight·4 年前·0 コメント

Log4shell by the numbers- Why did CVE-2021-44228 set the Internet on Fire?

blog.sonatype.com
1 ポイント·投稿者 livealight·5 年前·0 コメント

コメント

livealight
·3 年前·議論
Very neat! Did a similar project with AI generated images. Fun for days with this kind of cheap hardware!
livealight
·3 年前·議論
Thanks! It definitely passed the weekend well - do share if you end up building it!
livealight
·3 年前·議論
It let log4j pass for as long as it was known to be good. Within hours of the CVE opening the tool was blocking it. The purpose of dependency firewalls is to avoid two things: known badly vulnerable packages AND known malicious packages that serve no other purpose than to steal data or drop a trojan. No security is 100% bulletproof, but it's really surprising how much of the damage is done by 7 year old CVEs. Firewalls can be useful in exactly that.
livealight
·3 年前·議論
This exact same sentiment came through in the National Cyber Security Strategy the US released. It describes a minimum acceptable level of software development, called safe harbours, based on e.g. the NIST Secure Development Standards.

Whether we like it or not, it seems legislation is forming on how to code and ship software.

https://www.whitehouse.gov/briefing-room/statements-releases...