colek42
- Karma
- 0
- Created
- ()
- Submissions
- 0
-
I helped create Witness, donated it to the CNCF/in-toto ecosystem, and worked on the NIST 800-204D "pipeline observer" guidance. CI/Lock is the next version of that work, and it's under the Apache 2.0 license. Here's…
-
I served 12 years infantry, then built targeting tools at JSOC vs ISIS. Now I lead a team building AI tools automating the compliance process. I’ve got opinions on Anthropic + DoD When people argue about “AI in weapons”…
- Shifting 'Shift Left' and What We Can Learn from Uber (productgovernance.substack.com)
- Shifting 'Shift Left' and What We Can Learn from Uber (productgovernance.substack.com)
- How to Shift Compliance Left – A Letter to Developers (productgovernance.substack.com)
- Shifting Compliance Left – A Letter to Compliance Teams (productgovernance.substack.com)
- Building an Effective Enterprise Software Supply Chain Policy (testifysec.com)
- Witness is a pluggable framework digital attestation (github.com)
- Keyless Signing of Digital Attestations with Witness and SigStore (testifysec.com)
- Keyless Signing with Witness and SigStore (testifysec.com)
- Automating Compliance – Why the SBOM Falls Short (testifysec.com)
- What Is a Software Supply Chain Attestation? (testifysec.com)
- Fpx: Easy USB‑C power for all your devices (fpx.oxplot.com)
- What Is a Software Supply Chain Attestation (testifysec.com)
- What is an SBOM, and why should you care? (boxboat.com)
- Next week might as well be SBOM Week (tomalrichblog.blogspot.com)