-
https://www.theregister.com/2023/12/02/ransomware_infection_credit_unions/?is=089600889b3cabeadf3e9df603e3e1e7ac6222fe2c5546cbbd40c3acae3b1883
-
Hi, I'm Harshita. I’m working with [CNCF and the Google Open Source Security Team for the GSoC 2024 term](https://github.com/cncf/mentoring/issues/1196). We are collaborating to enhance security pract…
-
### Before submitting the issue
- [x] I have searched among the existing issues
- [x] I am using a Python virtual environment
### Description of the bug
Repository security settings can be strength…
-
Adding semantics to PTEL for rotation and transfer.
- Two additional semantics
- Rotation (non-cooperative transfer)
- Control stays within the same KEL and the same TEL
- Use case: as…
-
## Vulnerabilities found for argoexec:3.4.16
```
For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project t…
```
-
### Problem
One of the most diabolical anti-patterns in the Python ecosystem is published Python packages that
contain a top-level Python module that is named very differently than the name of the …
-
I suggest we generate [OpenSSF Scorecards](https://securityscorecards.dev/) for each project we add to PQCA (and consider same for open-quantum-safe - I can open there)
We are offering assets in th…
-
The dagger client automatically pulls in a dagger engine image and binary.
For supply chain security reasons we should be using our own engine/cli binaries.