-
### Description
Currently it is not possible to verify the authenticity of the downloads from sourceforge.net, github.com, or phplist.org because the releases are not cryptographically signed.
T…
-
![Screenshot 2022-07-08 at 19 50 03](https://user-images.githubusercontent.com/837573/178052499-60f99aaf-8893-4662-8763-24334af185a3.png)
PyPI just told me I had to enable 2FA to keep uploading t…
-
## What is the proposed Cheat Sheet about?
This drone security Cheat Sheet aims to ensure the safe and secure operation of unmanned aerial vehicles (UAVs) in various mobile, web and cloud appli…
-
Hi,
On behalf of Docker, attached is our response as part of the current public comment period for the Report on Federal IT Modernization. For any questions or requests for clarification on this co…
-
Based on discussions within the Supply Chain Integrity working group and the S2C2F Project, we wanted to open discussions on a path for S2C2F to align with SLSA as its dependency track. This would be conti…
-
The `pass` statements in the functions can probably be removed.
https://github.com/JacksonQu/Software-Supply-Chain-Security-Assignment1/blob/d446488fdbda84f8264478efa141aa9ba9dba792/main.py#L17
-
### Proposed new feature or change:
This is about Numba's interaction with NumPy as part of its software dependency chain.
1. In approximately the last six months a number of CVEs have been issued…
-
Comments on OWASP “Software Component Verification Standard” by David A. Wheeler
Here are my comments on the “Software Component Verification Standard” Version 1.0.0-RC.1 (Public Preview), 16 Apri…
-
There is a need to be able to attest to the transformation of SBOM information from one format to another, and carry this attestation with the SBOM generated (rather than as a sidecar/encapsulating e…
-
# Reporting a bug found by iCR
In file: [SAXHandler.java](https://github.com/hunterhacker/jdom/blob/JDOM-2.0.6.1/core/src/java/org/jdom2/input/sax/SAXHandler.java#L918), there is a potential case o…