federico Sep 22

Software supply chain security in the age of LLMs:

#SoftwareSupplyChains #SoftwareSupplyChainSecurity
#supplychainsecurity #SupplyChainAttack #infosec

Peter HartleyJul 22
I have no sympathy for people who don't CI their MSRV, but I _do_ have sympathy for people who think they're CI'ing their MSRV, but due to the inscrutability of Github CI actions, have actually been building with latest-stable the whole time. (Not naming the project in question because, you know, sympathy.) #rust #rustLang #SoftwareSupplyChains
Finite StateJul 11

We explored what a modern #IoTsecurity stack looks like & how to

βœ…Move beyond patchwork tools to integrated security workflows
βœ…Gain deep visibility into firmware, binaries & #SoftwareSupplyChains
βœ…Align security investment with evolving global regs

πŸ”— https://finitestate.io/blog/building-modern-iot-security-stack

Building a Modern IoT Security Stack: Securing From Source to Firmware

Don’t just scan your sourceβ€”secure your full IoT stack. Learn how to build a modern, layered security strategy from code to firmware and beyond.

anchoreMar 1
#SBOMs are the backbone of secure #softwaresupplychains, enabling proactive #vulnerability management and #compliance automation. But there is more - discover their full potential in our latest guide https://get.anchore.com/use-cases-for-the-entire-organization/
Alex Floyd MarshallNov 21, 2022
This looks really promising. #Infosec #SoftwareSupplyChains #supplychainsecurity #Google #GUAC https://cloud.google.com/blog/topics/developers-practitioners/using-the-open-source-insights-dataset/
Using the Open Source Insights dataset to analyze the security and compliance of your dependencies | Google Cloud Blog

In this blog, we’ll cover several ways your team can use the Open Source Insights dataset, which scans millions of open-source packages, creates dependency graphs, and annotates it with metadata

Google Cloud Blog
Dan ConnNov 21, 2022

OK time for this one!

Hey #Hachyderm I'm Dan Conn and I've been a software developer for just over 10 years, with a strong interest in cybersecurity for just as long.

Professionally I'm interested in #Java, #Python, #SecureCoding #SoftwareSupplyChains, #ThreatModelling, #OSINT4Good #PenTesting #AppSec and #Cryptography

I like to do talks, hack, code, run and also love making music and listening / dancing to it too ❀️

Come say hi!

#Introductions #Introduction