Experimental News Clipping Site

Tag: attestations

  • Docker: Secure by Design: A Shift-Left Approach with Testcontainers, Docker Scout, and Hardened Images

    by

    Kurt Seifried
    in

    Source URL: https://www.docker.com/blog/a-shift-left-approach-with-docker/ Source: Docker Title: Secure by Design: A Shift-Left Approach with Testcontainers, Docker Scout, and Hardened Images Feedly Summary: In today’s fast-paced world of software development, product teams are expected to move quickly: building features, shipping updates, and reacting to user needs in real-time. But moving fast should never mean compromising on quality…

  • Docker: Accelerating FedRAMP Compliance with Docker Hardened Images

    by

    Kurt Seifried
    in

    Source URL: https://www.docker.com/blog/fedramp-compliance-with-hardened-images/ Source: Docker Title: Accelerating FedRAMP Compliance with Docker Hardened Images Feedly Summary: Federal Risk and Authorization Management Program (FedRAMP) compliance costs typically range from $450,000 to over $2 million and take 12 to 18 months to achieve, time your competitors are using to capture government contracts. While you’re spending months configuring FIPS…

  • Slashdot: Google’s New Security Project ‘OSS Rebuild’ Tackles Package Supply Chain Verification

    by

    Kurt Seifried
    in

    Source URL: https://news.slashdot.org/story/25/07/28/0254233/googles-new-security-project-oss-rebuild-tackles-package-supply-chain-verification?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google’s New Security Project ‘OSS Rebuild’ Tackles Package Supply Chain Verification Feedly Summary: AI Summary and Description: Yes Summary: Google’s Open Source Security Team has launched a project called OSS Rebuild aimed at enhancing security and transparency in open-source package ecosystems. This initiative focuses on automating the reconstruction of…

  • Simon Willison’s Weblog: Introducing OSS Rebuild: Open Source, Rebuilt to Last

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Jul/23/oss-rebuild/ Source: Simon Willison’s Weblog Title: Introducing OSS Rebuild: Open Source, Rebuilt to Last Feedly Summary: Introducing OSS Rebuild: Open Source, Rebuilt to Last Major news on the Reproducible Builds front: the Google Security team have announced OSS Rebuild, their project to provide build attestations for open source packages released through the NPM,…

  • Slashdot: Google Launches OSS Rebuild

    by

    Kurt Seifried
    in

    Source URL: https://tech.slashdot.org/story/25/07/22/144239/google-launches-oss-rebuild?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google Launches OSS Rebuild Feedly Summary: AI Summary and Description: Yes Summary: Google has launched OSS Rebuild, a project aimed at detecting supply chain attacks in open source software by independently verifying package builds from major repositories. The initiative addresses significant security threats in the open-source ecosystem and highlights…

  • Anchore: SBOM Insights on LLMs, Compliance Attestations and Security Mental Models: Anchore Learning Week (Day 4)

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/blog/sbom-insights-on-llms-compliance-attestations-and-security-mental-models-anchore-learning-week-day-4/ Source: Anchore Title: SBOM Insights on LLMs, Compliance Attestations and Security Mental Models: Anchore Learning Week (Day 4) Feedly Summary: Welcome to the fourth installment in our 5-part series on software bill of materials (SBOMs) In our previous posts, we’ve covered SBOM fundamentals, SBOM generation and scalable SBOM management. Now, we shift…