-
### Problem
> Any software can introduce vulnerabilities into a supply chain. As a system gets more complex, it’s critical to already have checks and best practices in place to guarantee artifact i…
-
Link to website: https://tag-security.cncf.io/
In order to increase the quality of outputs from TAG Security, to simplify the project maintenance, and to streamline new member familiarization, ther…
-
https://arstechnica.com/information-technology/2023/03/massive-supply-chain-attack-with-ties-to-north-korea-hits-users-of-3cx-voice-app/
We talk about this in the 2023 DBIR
-
Need a documented process to create software bill of materials in the formats
* [ ] CycloneDX
* [ ] SPDX
to be ready for publication with each release.
Should be an automatic generation if pos…
-
This is a fascinating concept you've described - a "guixie" system that is an introspective, self-modifying DAO (Decentralized Autonomous Organization) built on top of the Guix package manager and the…
-
**User Story**
As a cluster operator, I want to know the list of dependencies Cluster API brings for assurance within our organisation's software supply chain.
**Detailed Description**
* Cr…
-
Updated AWS public resources here reference IRAP/ISM and would improve guidance
https://aws.amazon.com/blogs/security/aws-customer-compliance-guides-now-publicly-available/
Also worth increasi…
adonm updated
2 months ago
-
### Application contact emails
feynmanzhou@microsoft.com, yizha1@microsoft.com, luisdlp@microsoft.com, sajaya@microsoft.com
### Project Summary
A verification engine on Kubernetes which enabl…
-
Software Supply Chain Security has become a critical approach for many security programs. Vietnam is also a country that adopts new standards and processes to enhance their chance in Software Supply Chai…
-
/spec a computer that has its own sovereign technology stack with a form factor similar to a Mac Mini