Tag: attestation
-
Anchore: 2025 Cybersecurity Executive Order Requires Up Leveled Software Supply Chain Security
Source URL: https://anchore.com/blog/2025-cybersecurity-executive-order/ Source: Anchore Title: 2025 Cybersecurity Executive Order Requires Up Leveled Software Supply Chain Security Feedly Summary: A few weeks ago, the Biden administration published a new Executive Order (EO) titled “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity”. This is a follow-up to the original cybersecurity executive order—EO 14028—from…
-
Cloud Blog: Privacy-preserving Confidential Computing now on even more machines and services
Source URL: https://cloud.google.com/blog/products/identity-security/privacy-preserving-confidential-computing-now-on-even-more-machines/ Source: Cloud Blog Title: Privacy-preserving Confidential Computing now on even more machines and services Feedly Summary: Organizations are increasingly using Confidential Computing to help protect their sensitive data in use as part of their data protection efforts. Today, we are excited to highlight new Confidential Computing capabilities that make it easier for…
-
Schneier on Security: Biden Signs New Cybersecurity Order
Source URL: https://www.schneier.com/blog/archives/2025/01/biden-signs-new-cybersecurity-order.html Source: Schneier on Security Title: Biden Signs New Cybersecurity Order Feedly Summary: President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide. Some details: The core of the executive order is an array of mandates…
-
Wired: A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More
Source URL: https://www.wired.com/story/biden-executive-order-cybersecurity-ai-and-more/ Source: Wired Title: A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More Feedly Summary: US president Joe Biden just issued a 40-page executive order that aims to bolster federal cybersecurity protections, directs government use of AI—and takes a swipe at Microsoft’s dominance. AI Summary and Description: Yes Summary: President Biden’s…
-
Hacker News: Analysis of supply-chain attack on Ultralytics
Source URL: https://blog.pypi.org/posts/2024-12-11-ultralytics-attack-analysis/ Source: Hacker News Title: Analysis of supply-chain attack on Ultralytics Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The provided text discusses a recent supply-chain attack on the Ultralytics Python project, emphasizing significant vulnerabilities in software publishing and security. It highlights lessons learned for securing workflows, managing API tokens, and improving…
-
Hacker News: Confidential Computing Platform Based on Tee and TPM Collaborative Trust
Source URL: https://arxiv.org/abs/2412.03842 Source: Hacker News Title: Confidential Computing Platform Based on Tee and TPM Collaborative Trust Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the CCxTrust platform, an innovative solution in the field of confidential computing, designed to enhance security by integrating Trusted Execution Environment (TEE) and Trusted Platform Module…
-
Hacker News: Attestations: A new generation of signatures on PyPI
Source URL: https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/ Source: Hacker News Title: Attestations: A new generation of signatures on PyPI Feedly Summary: Comments AI Summary and Description: Yes Summary: The announcement discusses a new security feature on the Python Package Index (PyPI): index-hosted digital attestations based on PEP 740. This feature enhances package provenance and security by integrating with Trusted…
-
Hacker News: Are We PEP740 Yet?
Source URL: https://trailofbits.github.io/are-we-pep740-yet/ Source: Hacker News Title: Are We PEP740 Yet? Feedly Summary: Comments AI Summary and Description: Yes **Summary:** PEP 740 introduces a standard for cryptographically verifiable attestations for Python packages, ensuring better security and provenance verification through digital signatures. This initiative utilizes Sigstore technology and highlights the significance of trusted identities in safeguarding…
-
Simon Willison’s Weblog: PyPI now supports digital attestations
Source URL: https://simonwillison.net/2024/Nov/14/pypi-digital-attestations/#atom-everything Source: Simon Willison’s Weblog Title: PyPI now supports digital attestations Feedly Summary: PyPI now supports digital attestations Dustin Ingram: PyPI package maintainers can now publish signed digital attestations when publishing, in order to further increase trust in the supply-chain security of their projects. Additionally, a new API is available for consumers and…