SecurityWeek: Webinar Today: Scaling Software Supply Chain Security https://www.securityweek.com/webinar-tomorrow-unpacking-the-secure-supply-chain-consumption-framework-s2c2f/ #SupplyChainSecurity
SecurityWeek: Webinar Tomorrow: Unpacking the Secure Supply Chain Consumption Framework (S2C2F) https://www.securityweek.com/webinar-tomorrow-unpacking-the-secure-supply-chain-consumption-framework-s2c2f/ #SupplyChainSecurity
A faster way to manage version updates with Dependabot
Check it out! 👇
https://github.blog/2023-08-24-a-faster-way-to-manage-version-updates-with-dependabot/
#supplychainsecurity #dependabot #security #product
SecurityWeek: New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack https://www.securityweek.com/new-carderbee-apt-targeted-chinese-security-software-in-supply-chain-attack/ #SupplyChainSecurity #Malware&Threats #SupplyChain #China
SecurityWeek: Google Brings AI Magic to Fuzz Testing With Eye-Opening Results https://www.securityweek.com/google-brings-ai-magic-to-fuzz-testing-with-eye-opening-results/ #ApplicationSecurity #SupplyChainSecurity #Vulnerabilities
SecurityWeek: CISA Calls Urgent Attention to UEFI Attack Surfaces https://www.securityweek.com/cisa-calls-urgent-attention-to-uefi-attack-surfaces/ #SupplyChainSecurity #IoTSecurity #Government
SecurityWeek: Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round https://www.securityweek.com/software-supply-chain-startup-endor-labs-scores-massive-70m-series-a-round/ #SupplyChainSecurity #VarunBadhwar #Funding/M&A #EndorLabs
SecurityWeek: Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups https://www.securityweek.com/socket-scores-20m-as-investors-bet-on-software-supply-chain-security-startups/ #SupplyChainSecurity #Funding/M&A #VCfunding #Socket
GitHub Repository Rules are now generally available
Check it out! 👇
https://github.blog/2023-07-24-github-repository-rules-are-now-generally-available/
#supplychainsecurity #repositoryrules #security #product
Hi friends ✌️
Looking to learn a bit more about DevOps security! Would appreciate it if you could answer the question below. If other, please comment.
Who is in charge of supply chain security at your organisation?
#supplychain #supplychainsecurity #devops
"They can request SBOMs til they're blue in the face, but there’s no framework in place for enforcement."
- @webjedi in my writeup of #SBOM-a-rama:
https://www.techtarget.com/searchitoperations/news/366542018/CISA-SBOM-standards-efforts-stymied-by-confusion-inertia
#softwaresupplychain #cybersecurity @CISAgov
#CISA #NTIA #NIST #FDA #softwaresupplychainsecurity #supplychainsecurity #softwarebillofmaterials #cloud #cloudsecurity #security #infrastructure #cloudnative #cloudnativesecurity #sbomarama
Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1663847788445048832#m
⚡️🔐 Strengthen your defenses against supply chain attacks!
#Google introduces GUAC 0.1 Beta, an open-source framework to analyze relationships, map vulnerabilities, and protect your organization.
Read details: https://thehackernews.com/2023/05/guac-01-beta-googles-breakthrough.html
#google #cybersecurity #supplychainsecurity
Yesterday 🗓️ I made a prototype ⚙️ to improve #GitHub #Dependabot when using #GoLang.
👉 If you’d like to try it out, and promise 🙏 to give feedback 🗣️, I can give a few people access to a private 🔒 repo before I open source 🤗 something - just drop me your GitHub handle please.
Read on 👀 for how it works 👇
#SCA #AppSec #SupplyChainSecurity #DependencySubmission #AST #AbstractSyntaxTree #GitHubAdvisoryDatabase #VulnerabilityManagement
Dependabot relieves alert fatigue from npm devDependencies
Check it out! 👇
https://github.blog/2023-05-02-dependabot-relieves-alert-fatigue-from-npm-devdependencies/
#SupplyChainSecurity #Npm #Dependabot #Security #Product #OpenSource
“How To Trust a Machine”
https://blog.josefsson.org/2023/04/29/how-to-trust-a-machine/
Insightful post by @jas4711 on the journey towards #SupplyChainSecurity.
My latest: Amid #SupplyChain attacks, #Codenotary rethinks #SBOM #supplychainsecurity https://www.techtarget.com/searchitoperations/news/366536055/Amid-supply-chain-attacks-emerging-vendor-rethinks-SBOM
@theruran @allan I ended up talking a lot about #ReproducibleBuilds and #bootstrapping, showing off what @janneke & co. have been doing (timely!), since I think these are two of three pillars that make #Guix a solid foundation for #SupplyChainSecurity.
In the meantime, another class of #SupplyChainSecurity problems I described in https://hpc.guix.info/blog/2021/09/whats-in-a-package/ remains.
I’ll be giving a public talk about #SupplyChainSecurity with #Guix, hosted by Galois on-line, next Monday.
▶ https://galois.com/blog/2023/04/building-a-secure-software-supply-chain-with-gnu-guix/
📅 Monday 24 April, 7PM CEST (10AM Pacific Time)