attestation – Experimental News Clipping Site

Hacker News: Analysis of supply-chain attack on Ultralytics

Dec 14, 2024

—

by

Source URL: https://blog.pypi.org/posts/2024-12-11-ultralytics-attack-analysis/ Source: Hacker News Title: Analysis of supply-chain attack on Ultralytics Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The provided text discusses a recent supply-chain attack on the Ultralytics Python project, emphasizing significant vulnerabilities in software publishing and security. It highlights lessons learned for securing workflows, managing API tokens, and improving…

Hacker News: Confidential Computing Platform Based on Tee and TPM Collaborative Trust

Dec 12, 2024

—

by

system automation

in Uncategorized

Source URL: https://arxiv.org/abs/2412.03842 Source: Hacker News Title: Confidential Computing Platform Based on Tee and TPM Collaborative Trust Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the CCxTrust platform, an innovative solution in the field of confidential computing, designed to enhance security by integrating Trusted Execution Environment (TEE) and Trusted Platform Module…

Hacker News: Attestations: A new generation of signatures on PyPI

Nov 15, 2024

—

by

system automation

in Uncategorized

Source URL: https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/ Source: Hacker News Title: Attestations: A new generation of signatures on PyPI Feedly Summary: Comments AI Summary and Description: Yes Summary: The announcement discusses a new security feature on the Python Package Index (PyPI): index-hosted digital attestations based on PEP 740. This feature enhances package provenance and security by integrating with Trusted…

Hacker News: Are We PEP740 Yet?

Nov 15, 2024

—

by

system automation

in Uncategorized

Source URL: https://trailofbits.github.io/are-we-pep740-yet/ Source: Hacker News Title: Are We PEP740 Yet? Feedly Summary: Comments AI Summary and Description: Yes **Summary:** PEP 740 introduces a standard for cryptographically verifiable attestations for Python packages, ensuring better security and provenance verification through digital signatures. This initiative utilizes Sigstore technology and highlights the significance of trusted identities in safeguarding…

Simon Willison’s Weblog: PyPI now supports digital attestations

Nov 14, 2024

—

by

system automation

in Uncategorized

Source URL: https://simonwillison.net/2024/Nov/14/pypi-digital-attestations/#atom-everything Source: Simon Willison’s Weblog Title: PyPI now supports digital attestations Feedly Summary: PyPI now supports digital attestations Dustin Ingram: PyPI package maintainers can now publish signed digital attestations when publishing, in order to further increase trust in the supply-chain security of their projects. Additionally, a new API is available for consumers and…

Hacker News: PyPI now supports digital attestations

Nov 14, 2024

—

by

system automation

in Uncategorized

Source URL: https://blog.pypi.org/posts/2024-11-14-pypi-now-supports-digital-attestations/ Source: Hacker News Title: PyPI now supports digital attestations Feedly Summary: Comments AI Summary and Description: Yes Summary: PyPI has introduced support for digital attestations, enhancing supply-chain security for Python package maintainers. This update, part of PEP 740, allows maintainers to publish signed attestations associated with their projects, ensuring higher trust and…

Simon Willison’s Weblog: W̶e̶e̶k̶n̶o̶t̶e̶s̶ Monthnotes for October

Oct 30, 2024

—

by

system automation

in Uncategorized

Source URL: https://simonwillison.net/2024/Oct/30/monthnotes/#atom-everything Source: Simon Willison’s Weblog Title: W̶e̶e̶k̶n̶o̶t̶e̶s̶ Monthnotes for October Feedly Summary: I try to publish weeknotes at least once every two weeks. It’s been four since the last entry, so I guess this one counts as monthnotes instead. In my defense, the reason I’ve fallen behind on weeknotes is that I’ve been…

The Register: Just how private is Apple’s Private Cloud Compute? You can test it to find out

Oct 25, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/10/25/apple_private_cloud_compute/ Source: The Register Title: Just how private is Apple’s Private Cloud Compute? You can test it to find out Feedly Summary: Also updates bug bounty program with $1M payout In June, Apple used its Worldwide Developer Conference to announce the creation of the Private Cloud Compute platform to run its AI Intelligence…

Hacker News: Security Research on Private Cloud Compute

Oct 24, 2024

—

by

system automation

in Uncategorized

Source URL: https://security.apple.com/blog/pcc-security-research/ Source: Hacker News Title: Security Research on Private Cloud Compute Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses Apple’s introduction of Private Cloud Compute (PCC), a solution designed to enhance privacy and security in AI processing. It emphasizes transparency and invites security researchers to audit the system using…

Cloud Blog: Cloud CISO Perspectives: AI vendors should share vulnerability research. Here’s why

Oct 15, 2024

—

by

system automation

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-ai-vendors-should-share-vulnerability-research-heres-why/ Source: Cloud Blog Title: Cloud CISO Perspectives: AI vendors should share vulnerability research. Here’s why Feedly Summary: Welcome to the first Cloud CISO Perspectives for October 2024. Today I’m discussing new AI vulnerabilities that Google’s security teams discovered and helped fix, and why it’s important for AI vendors to share vulnerability research…

Tag: attestation