Helping thousands of customers manage open source every day, Sonatype is on a mission to make software development easier. Browse open positions now on #OSJobHub https://opensourcejobhub.com/company/751/ #Sonatype #jobs #career #OpenSource #SoftwareSupplyChain #engineer #sales #FullStack #firewall #security
Open Source Consumption Manifesto released by @openssf https://www.fosslife.org/openssf-creates-manifesto-consumption-open-source-software #OSCM #OpenSSF #OpenSource #guidelines #SoftwareDevelopment #SoftwareSupplyChain #FOSS #vulnerabilities #policy #security
We are once again blocking a #SoftwareSupplyChain attack! We've been reporting on our efforts to protect #javascript and #python developers in recent weeks. Now it's #rust's turn.
#softwaresupplychain #javascript #python #rust #malware #cratesio
Have we reached a point of no return on managing #software #dependencies? #SoftwareSupplyChain #sbom
OK, #SLSA provenance is supposed to prove how the software was created and by whom. Why am I missing the "whom" part of the provenance in every attestation that I pull? #softwaresupplychain
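As an added example (not code from the poster or from the SLSA project), the script below shows where the "whom" claim actually sits in a SLSA provenance attestation and how a consumer can check it: it unwraps the in-toto Statement from a DSSE envelope, reads the builder identity from the v1.0 (`predicate.runDetails.builder.id`) or v0.2 (`predicate.builder.id`) location, and reports whether that identity is present and on a trusted-builder allowlist. The statements, the builder id `https://builder.example.com/ci@v1` and the trusted-builder set are constructed sample values, not taken from any real build; signature verification of the envelope is deliberately out of scope here and noted in the code.

```python
import base64
import json
from typing import Optional

# SLSA provenance travels as an in-toto Statement; predicateType selects
# the schema version, and the builder identity lives in a different place
# in each version.
SLSA_V1 = "https://slsa.dev/provenance/v1"
SLSA_V02 = "https://slsa.dev/provenance/v0.2"
INTOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"

# Builders this consumer trusts. Assumed example value, not a real builder.
TRUSTED_BUILDERS = {"https://builder.example.com/ci@v1"}


def unwrap_dsse(envelope_json: str) -> dict:
    """Base64-decode the in-toto Statement carried in a DSSE envelope.

    NOTE: this does NOT verify the envelope signatures. In practice verify
    them first (e.g. with slsa-verifier or cosign) before trusting any field.
    """
    env = json.loads(envelope_json)
    if env.get("payloadType") != INTOTO_PAYLOAD_TYPE:
        raise ValueError(f"unexpected payloadType {env.get('payloadType')!r}")
    return json.loads(base64.b64decode(env["payload"]))


def builder_id(statement: dict) -> Optional[str]:
    """Return the builder identity ('whom') from a provenance statement, or None."""
    ptype = statement.get("predicateType")
    pred = statement.get("predicate", {})
    if ptype == SLSA_V1:
        return pred.get("runDetails", {}).get("builder", {}).get("id") or None
    if ptype == SLSA_V02:
        return pred.get("builder", {}).get("id") or None
    return None  # not a SLSA provenance predicate we understand


def subjects(statement: dict):
    """(name, sha256) pairs for the artifacts this statement is about."""
    return [(s.get("name"), s.get("digest", {}).get("sha256"))
            for s in statement.get("subject", [])]


def check_provenance(statement: dict, trusted=TRUSTED_BUILDERS) -> dict:
    """Report whether the 'whom' claim is present and whether it is trusted."""
    bid = builder_id(statement)
    return {
        "predicate_type": statement.get("predicateType"),
        "subjects": subjects(statement),
        "builder_id": bid,
        "builder_present": bid is not None,
        "builder_trusted": bid in trusted,
    }


# --- constructed sample statements (not pulled from any real build) ---
def _stmt(ptype: str, subject_name: str, predicate: dict) -> dict:
    return {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": subject_name, "digest": {"sha256": "ab" * 32}}],
        "predicateType": ptype,
        "predicate": predicate,
    }


_BUILD_DEF = {
    "buildType": "https://builder.example.com/buildtype/v1",
    "externalParameters": {"source": "https://git.example.com/org/app@refs/tags/v2.0.0"},
}

# v1.0 provenance with a builder id present.
V1_OK = _stmt(SLSA_V1, "app.tar.gz",
              {"buildDefinition": _BUILD_DEF,
               "runDetails": {"builder": {"id": "https://builder.example.com/ci@v1"}}})

# v1.0 provenance whose builder id is empty: the 'whom' is missing.
V1_MISSING = _stmt(SLSA_V1, "app.tar.gz",
                   {"buildDefinition": _BUILD_DEF, "runDetails": {"builder": {"id": ""}}})

# v0.2 provenance, where the builder sits at the top of the predicate.
V02 = _stmt(SLSA_V02, "app.tar.gz",
            {"builder": {"id": "https://builder.example.com/ci@v1"},
             "buildType": "https://builder.example.com/buildtype/v0.2"})

# A DSSE envelope around V1_OK, with a placeholder (unverified) signature.
ENVELOPE = json.dumps({
    "payloadType": INTOTO_PAYLOAD_TYPE,
    "payload": base64.b64encode(json.dumps(V1_OK).encode()).decode(),
    "signatures": [{"keyid": "", "sig": ""}],
})

if __name__ == "__main__":
    for label, st in [("v1 ok", V1_OK), ("v1 missing", V1_MISSING), ("v0.2", V02)]:
        print(label, check_provenance(st))
    print("from envelope", check_provenance(unwrap_dsse(ENVELOPE)))
```

In SLSA terms `builder.id` names the build platform that ran the build, and a consumer enforces the "whom" by checking it against an allowlist like `TRUSTED_BUILDERS`; a statement whose builder id is empty or absent should fail that check rather than be accepted because the rest of the provenance looks well-formed.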
π₯β²οΈ Fudge Sunday "AI Feel You" A look at recent updates to AI in and around platform engineering and DevX
#ai #llama #llama2 #devsecops #sbom #softwaresupplychain #softwaresupplychainsecurity #DevX #platformengineering #governance #aieducation #aiethics #stem #developerexperience #infrastructureascode #iac #generativeai #genai #llmops #cloudformation #terraform #aifirst #apifirst #cloudfirst #mobilefirst #privacyfirst #securityfirst #aitraining #aitrends
π₯β²οΈ Fudge Sunday "Can't Buy Me Lead Time" A look at lead time as a metric on a path to DevSecOps, platform engineering, and product-led culture
#leadtime #leadtimes #kpiimplementation #kpi #kpis #measurement #measurewhatmatters #lean #agilemindset #ux #devx #devops #devsecops #platformengineering #platformengineer #productledgrowth #productmindset #engineering #culture #customerexperiences #timetovalue #dora #softwaresupplychain #newsletter #newsletters
π₯β²οΈ Fudge Sunday "Fuzz Jam June" A look at the growing importance of fuzzing in platform engineering
#fuzzing #fuzztesting #fuzzylogic #fuzzball #fuzzy #platformengineering #platformengineer #toolchains #attestation #softwaresupplychain #softwaresupplychainsecurity #dast #owasp #waf #cncf #aif #artificialintelligence #machinelearningmodels #cloudinfrastructure #securityautomation #securitybydesign #scanning #defenseindepth #shiftleft #newsletter #newsletters
"They can request SBOMs til they're blue in the face, but thereβs no framework in place for enforcement."
- @webjedi in my writeup of #SBOM-a-rama:
https://www.techtarget.com/searchitoperations/news/366542018/CISA-SBOM-standards-efforts-stymied-by-confusion-inertia
#softwaresupplychain #cybersecurity @CISAgov
#CISA #NTIA #NIST #FDA #softwaresupplychainsecurity #supplychainsecurity #softwarebillofmaterials #cloud #cloudsecurity #security #infrastructure #cloudnative #cloudnativesecurity #sbomarama
Developer friends - If you happen to know Clojure and want to work on a great team working to improve the developer experience for the software supply chain, check out this opening on one of the teams that I work with: https://jobs.ashbyhq.com/docker/6368ccad-8850-43c5-b2a7-02f16736e406?utm_source=80rO1jpWZ3
#docker #hiring #developer #clojure #softwaresupplychain
Spent the last week or so digging into #vulnerability data about #containers and how the tools report those. Honestly, I don't want to be on the receiving end of those reports. Using the same approach for container vulnerabilities as for VM vulnerabilities is certainly not working. #softwaresupplychain
The recent 3CX #databreach highlights that organizations can't afford to overlook the risks presented by #softwaresupplychain attacks. See how to mitigate these kinds of attacks: https://venturebeat.com/security/3cx-data-breach-shows-organizations-cant-afford-to-overlook-software-supply-chain-attacks/ #press
Managing #vulnerabilities for #containers is not as simple as for VMs. It is hard to turn the wheel of an industry that has been doing this for years - needs a lot of education. #securesupplychain #security #softwaresupplychain
Software Bill of Materials (#SBOM)
Those who wish to incorporate SBOMs into their processes must deal with the growing pains of an evolving ecosystem.
https://anonymoushash.vmbrasseur.com/2023/04/24/software-bill-of-materials-sbom
#sbom #foss #opensource #softwaresupplychain
New cheat sheet from @SynopsysAppsec offers tips for creating an effective SBOM https://www.fosslife.org/tips-creating-effective-sbom #security #SBOM #tools #SoftwareSupplyChain #SoftwareDevelopment
Assured Open Source Software service from Google now available at no cost https://www.fosslife.org/googles-assured-oss-service-now-available-free #Python #Google #Java #security #SoftwareSupplyChain #OSS #AssuredOSS
Today we're proud to announce the release of version 1.0 of SLSA. Check out the press release: https://openssf.org/press-release/2023/04/19/openssf-announces-slsa-version-1-0-release/ #OSS #OSSecurity #SLSA #SoftwareSupplyChain #SoftwareSupplyChainSecurity
Google somehow made #softwaresupplychain #SLSA catchy?
https://www.youtube.com/watch?v=NaR8WlLtPw0
Also looks like there might be a few Cloud-Native Easter eggs in there...
New Export SBOM capability allows SBOM generation with one click on @GitHub https://www.fosslife.org/generate-sboms-one-click-github #SBOM #SPDX #security #SoftwareSupplyChain #tools
Guarding against supply chain attacks [Q&A] #QandA #SoftwareSupplyChain #CyberSecurity
https://betanews.com/2023/04/07/guarding-against-supply-chain-attacks-qa/