Enhancing trust for SGX enclaves
By Artur Cygan Creating reproducible builds for SGX enclaves used in privacy-oriented deployments is a difficult task that lacks a convenient and robust solution. We propose using Nix to achieve re…
Celebrating our 2023 open-source contributions
At Trail of Bits, we pride ourselves on making our best tools open source, such as Slither, PolyTracker, and RPC Investigator. But while this post is about open source, it’s not about our tools… In…
Adding build provenance to Homebrew
By William Woodruff This is a joint post with Alpha-Omega—read their announcement post as well! We’re starting a new project in collaboration with Alpha-Omega and OpenSSF to improve the transparenc…
Trusted publishing: a new benchmark for packaging security - Read the official announcement on the PyPI blog as well!
For the past year, we’ve ...
https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/ #engineeringpractice #ecosystemsecurity
Trusted publishing: a new benchmark for packaging security
Read the official announcement on the PyPI blog as well! For the past year, we’ve worked with the Python Package Index to add a new, more secure authentication method called “trusted publishing.” T…
ITSEC News