Securing the open source supply chain
source link: https://changelog.com/podcast/482
This week we’re joined by the “mad scientist” himself, Feross Aboukhadijeh…and we’re talking about the launch of Socket — the next big thing in the fight to secure and protect the open source supply chain.
While working on the front lines of open source, Feross and his team have witnessed firsthand how supply chain attacks have swept across the software community and damaged trust in open source. Socket turns the problem of securing open source software on its head and asks: “What if we assume all open source may be malicious?” So they built a system that proactively detects indicators of compromised open source packages and brings them to teams’ attention in real time. We cover the whys, the hows, and what’s next for this ambitious and very much needed project.