-
I've grown increasingly concerned with supply chain attacks, which Rust is still vulnerable to, as is pretty much any other growing software ecosystem.
For this reason, we should invest some time i…
-
Open Source is everywhere. It is in many proprietary codebases and community projects. For organizations and individuals, the question today is not whether you are or are not using open-source code, b…
-
### Description
## Date
Monday 10 June 2024 - 8am EST / 1pm UK (BST)
Occurs the second Monday of every month
## Zoom
Join Zoom Meeting
https://zoom.us/j/98495304665
Meeting ID: 984 9530…
-
To help ensure software supply chain security, this file needs to be hashed (SHA-2 256 or better) and verified against a copy of the hash that we store in this repository. Another option is to have th…
-
David Britch pointed out that the topic on security best practices related to managing packages could be better surfaced. I agree. Perhaps linking directly to the actionable steps starting with this…
-
### Session description
This session will be a precursor to our upcoming workshop, [Secure the Web Forward](https://www.w3.org/2023/03/secure-the-web-forward/), which aims to increase the overall sec…
torgo updated
9 months ago
-
### Is your feature request related to a problem? Please describe.
Right now users can configure insecure registries in their container engine (docker, podman) or via the `SDK_CONTAINER_INSECURE_RE…
-
## What/Why
### What are you proposing?
Let's earn the OpenSSF Best Practices Passing Badge! [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/6556/badge)](https://bestpra…
-
Some of the links we tracked in 2021 and 2020; I am guessing there are many more. We need to find the right place to plug them in.
2021
https://github.com/faisalman/ua-parser-js/issues/536
https://j…