| 1. | | OpenPubKey and Sigstore (sigstore.dev) |
| 93 points by dlor on Oct 6, 2023 | past | 28 comments |
|
| 2. | | The Tyranny of Nits (leafwing-studios.com) |
| 1 point by dlor on Sept 30, 2023 | past |
|
| 3. | | CVSS 4.0 Is Here, but Prioritizing Patches Still a Hard Problem (darkreading.com) |
| 3 points by dlor on July 24, 2023 | past |
|
| 4. | | CWE Top Most Dangerous Software Weaknesses (mitre.org) |
| 155 points by dlor on July 13, 2023 | past | 128 comments |
|
| 5. | | The EU’s Product Liability Directive could kill open source (techradar.com) |
| 1 point by dlor on July 10, 2023 | past | 1 comment |
|
| 6. | | Elastic Stack container images signed with Sigstore (elastic.co) |
| 1 point by dlor on June 30, 2023 | past |
|
| 7. | | Shrink to Secure: Kubernetes and Secure Compact Containers (gsantoro.dev) |
| 3 points by dlor on June 29, 2023 | past |
|
| 8. | | Supply chain security for Go, Part 2: Compromised dependencies (googleblog.com) |
| 2 points by dlor on June 24, 2023 | past |
|
| 9. | | The Principle of Minimalism (chainguard.dev) |
| 9 points by dlor on June 22, 2023 | past |
|
| 10. | | Fully bootstrapping Java from source in Wolfi (chainguard.dev) |
| 8 points by dlor on June 2, 2023 | past |
|
| 11. | | Removing PGP from PyPI (pypi.org) |
| 187 points by dlor on May 23, 2023 | past | 187 comments |
|
| 12. | | Sigstore: Roots of Trust for Software Artifacts (infoworld.com) |
| 1 point by dlor on May 15, 2023 | past |
|
| 13. | | The Untold Story of the Boldest Supply-Chain Hack Ever (wired.com) |
| 8 points by dlor on May 2, 2023 | past | 1 comment |
|
| 14. | | Feeling VEXed by software supply chain security? Us, too (theregister.com) |
| 2 points by dlor on Feb 28, 2023 | past |
|
| 15. | | 87% of Container Images in Prod Have Critical or High-Severity Vulnerabilities (darkreading.com) |
| 3 points by dlor on Feb 24, 2023 | past | 1 comment |
|
| 16. | | Towards Easier, More Secure Signature Tech for the Java Ecosystem with Sigstore (sigstore.dev) |
| 1 point by dlor on Feb 4, 2023 | past |
|
| 17. | | GitHub says hackers cloned code-signing certificates in breached repository (arstechnica.com) |
| 2 points by dlor on Jan 31, 2023 | past |
|
| 18. | | Memory safety is the new black, fashionable and fit for any occasion (theregister.com) |
| 4 points by dlor on Jan 26, 2023 | past |
|
| 19. | | Understanding the relationship between FOSS and the “software supply chain” (chainguard.dev) |
| 3 points by dlor on Jan 22, 2023 | past | 1 comment |
|
| 20. | | Are SBOMs Good Enough for Government Work? (chainguard.dev) |
| 1 point by dlor on Jan 21, 2023 | past |
|
| 21. | | Sigstore December Roundup (sigstore.dev) |
| 1 point by dlor on Dec 24, 2022 | past |
|
| 22. | | Signatus, ergo securus? Who can sign what with TUF and Sigstore (sigstore.dev) |
| 1 point by dlor on Dec 20, 2022 | past |
|
| 23. | | Sigstore the Easy Way (rewanthtammana.com) |
| 1 point by dlor on Nov 25, 2022 | past |
|
| 24. | | Iranian hackers use Log4Shell to mine crypto on federal computer system (cyberscoop.com) |
| 3 points by dlor on Nov 17, 2022 | past |
|
| 25. | | Software Dark Matter Is the Enemy of Software Transparency (chainguard.dev) |
| 8 points by dlor on Nov 10, 2022 | past |
|
| 26. | | Sigstore Verification of CPython Releases (python.org) |
| 5 points by dlor on Sept 8, 2022 | past |
|
| 27. | | NSA, CISA, ODNI Release Software Supply Chain Guidance for Developers (nsa.gov) |
| 4 points by dlor on Sept 2, 2022 | past |
|
| 28. | | What Your Scanner Doesn't Find Can Hurt You (chainguard.dev) |
| 2 points by dlor on Sept 2, 2022 | past |
|
| 29. | | One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious (darkreading.com) |
| 4 points by dlor on Aug 23, 2022 | past |
|
| 30. | | Minimal Container Images: Towards a More Secure Future (chainguard.dev) |
| 1 point by dlor on Aug 23, 2022 | past |
|