Page 16 - Source Security Foundation Open News Today : Breaking News, Live Updates & Top Stories | Vimarsana

Version 1 0 of SLSA provides specifications for software supply chain security

The project provides specifications for software supply chain that have been established by community consensus.

Brian behlendorfLevels for software artifactsSource security foundation openSoftware development frameworkOpen source security foundationSupply chain levelsSoftware artifactsExecutive order standardsSecure software development

OpenSSF Announces SLSA Version 1 0 Release - PR Newswire

OpenSSF Announces SLSA Version 1 0 Release - PR Newswire
businesstelegraph.co.uk - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from businesstelegraph.co.uk Daily Mail and Mail on Sunday newspapers.

Scott robertsonJamie thomasMichael liebermanKim lewandowskiBrian behlendorfBruno dominguesZach steindlerEmmy eideAbhishek aryaMark russinovichSource security foundation openInfrastructure strategy developmentLinux foundationSoftware delivery lifecycleSoftware development frameworkWorldwide financial services

Securing your software supply chain | Computer Weekly

Organisations need to have a thorough understanding of software components and build security controls into development lifecycles to shore up the security of their software supply chains.

Gil shwedFrancis ofungwuPeter bauerFran roschCheck point softwareSource security foundation openSoftware bill of materialsChain levels for software artifactsKelvin limRed hatSynopsy limSupply chain levelsSoftware artifactsSoftware billOpen source security foundation

How Do We Raise the Floor for Software Quality? – Brian Behlendorf – PSW #770

Open source is the bedrock of most of the world’s software today, so how to raise the floor on software quality across the industry? First, we need better tools to measure the trustworthiness of code based on objective measures, processes that encourage better security practices by developers, and t.

White houseDistrict of columbiaUnited statesBrian behlendorfObama administrationApache software foundationSource security foundation openSource initiativeLinux foundationMozilla foundationWorld economic forumGeneral managerOpen source security foundationOpen source initiativeWired magazineOrganic online

PyTorch users warned of malicious copy in PyPI registry

Developers using the open-source package PyTorch machine learning framework may have downloaded a compromised version of the package from the PyPI repository over the holidays. The PyTorch team warns those who downloaded and installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, should uninstall it and torchtriton immediately. They should

Software repositoriesSource security foundation openTorch nightly linuxPython package indexOpen source security foundationSecuring software repositories