by Azalio tdshpsk | Sep 7, 2022 | Security
Google’s Go programming language has added support for vulnerability management, which project developers said was an initial step toward helping Go developers learn about known vulnerabilities that could impact them.In a blog post on September 6, the Go security team...
by Azalio tdshpsk | Aug 22, 2022 | Security
Security is one of the few things that will survive the budget axe should the world plunge into recession, but it’s increasingly clear that we can’t simply spend our way to a secure future. Indeed, SLSA (Supply-chain Levels for Software Artifacts), Tekton, and other...
by Azalio tdshpsk | Aug 4, 2022 | Security
A zero-knowledge proof, also known as ZKP protocol, attempts to establish a fact between parties with a minimum amount of information exchange. In cryptography, it is intended to limit the transfer of information during authentication activities. ZKP’s...
by Azalio tdshpsk | Jul 27, 2022 | Security
The compromise of SolarWinds’ system management tool raised a lot of interesting issues for anyone using a CI/CD (continuous integration and continuous delivery) build process for their software. How can we ensure that the software we distribute to our users is the...
by Azalio tdshpsk | Jul 19, 2022 | Security
Who owns software supply chain security? Developers? Or the platform and security engineering teams supporting them?In the past, the CIO, CISO, or CTO and their security team would decide which Linux distribution, operating system, and infrastructure platform the...
by Azalio tdshpsk | Jul 12, 2022 | Security
Log4j was the bucket of cold water that woke up most developers to their software supply chain security problem. We’ve spent decades in software building things and obsessing over our production environment. But we’re building on unpatched Jenkins boxes sitting under...