dlor
- Karma
- 0
- Created
- ()
- Submissions
- 0
- OpenPubKey and Sigstore (blog.sigstore.dev)
- The Tyranny of Nits (leafwing-studios.com)
- CVSS 4.0 Is Here, but Prioritizing Patches Still a Hard Problem (darkreading.com)
- CWE Top Most Dangerous Software Weaknesses (cwe.mitre.org)
- The EU’s Product Liability Directive could kill open source (techradar.com)
- Elastic Stack container images signed with Sigstore (elastic.co)
- Shrink to Secure: Kubernetes and Secure Compact Containers (gsantoro.dev)
- Supply chain security for Go, Part 2: Compromised dependencies (security.googleblog.com)
- The Principle of Minimalism (chainguard.dev)
- Fully bootstrapping Java from source in Wolfi (chainguard.dev)
- Removing PGP from PyPI (blog.pypi.org)
- Sigstore: Roots of Trust for Software Artifacts (infoworld.com)
- Feeling VEXed by software supply chain security? Us, too (theregister.com)
- Towards Easier, More Secure Signature Tech for the Java Ecosystem with Sigstore (blog.sigstore.dev)
- Memory safety is the new black, fashionable and fit for any occasion (theregister.com)
- Are SBOMs Good Enough for Government Work? (chainguard.dev)
- Sigstore December Roundup (blog.sigstore.dev)
- Signatus, ergo securus? Who can sign what with TUF and Sigstore (blog.sigstore.dev)
- Sigstore the Easy Way (rewanthtammana.com)
- Software Dark Matter Is the Enemy of Software Transparency (chainguard.dev)