open source security – Experimental News Clipping Site

Slashdot: Google’s New Security Project ‘OSS Rebuild’ Tackles Package Supply Chain Verification

Jul 28, 2025

—

by

Source URL: https://news.slashdot.org/story/25/07/28/0254233/googles-new-security-project-oss-rebuild-tackles-package-supply-chain-verification?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google’s New Security Project ‘OSS Rebuild’ Tackles Package Supply Chain Verification Feedly Summary: AI Summary and Description: Yes Summary: Google’s Open Source Security Team has launched a project called OSS Rebuild aimed at enhancing security and transparency in open-source package ecosystems. This initiative focuses on automating the reconstruction of…

Slashdot: Pentagon Targets Open Source Security Risks in Software Procurement Overhaul

May 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://news.slashdot.org/story/25/05/06/230252/pentagon-targets-open-source-security-risks-in-software-procurement-overhaul?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Pentagon Targets Open Source Security Risks in Software Procurement Overhaul Feedly Summary: AI Summary and Description: Yes Summary: The Department of Defense (DoD) is initiating a Software Fast Track (SWFT) program to modernize its software procurement systems, focusing on enhancing security measures. This initiative addresses challenges posed by open…

Slashdot: May is ‘Maintainer Month’. Open Source Initiative Joins GitHub to Celebrate Open Source Security

May 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://news.slashdot.org/story/25/05/03/0653227/may-is-maintainer-month-open-source-initiative-joins-github-to-celebrate-open-source-security?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: May is ‘Maintainer Month’. Open Source Initiative Joins GitHub to Celebrate Open Source Security Feedly Summary: AI Summary and Description: Yes Summary: The text focuses on the celebration of open source maintainers who prioritize security during the annual “Maintainer Month,” highlighting their crucial role in the security of open…

Slashdot: Open Source Coalition Announces ‘Model-Signing’ with Sigstore to Strengthen the ML Supply Chain

Apr 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/04/05/0621201/open-source-coalition-announces-model-signing-with-sigstore-to-strengthen-the-ml-supply-chain?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Open Source Coalition Announces ‘Model-Signing’ with Sigstore to Strengthen the ML Supply Chain Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a significant advancement in model security through the introduction of a model-signing library by Google, in collaboration with the Linux Foundation, NVIDIA, and HiddenLayer. This…

Google Online Security Blog: Taming the Wild West of ML: Practical Model Signing with Sigstore

Apr 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: http://security.googleblog.com/2025/04/taming-wild-west-of-ml-practical-model.html Source: Google Online Security Blog Title: Taming the Wild West of ML: Practical Model Signing with Sigstore Feedly Summary: AI Summary and Description: Yes Summary: The text announces the launch of a model signing library developed by the Google Open Source Security Team in collaboration with NVIDIA and HiddenLayer, aimed at enhancing…

Slashdot: ‘Unaware and Uncertain’: Report Finds Widespread Unfamiliarity With 2027’s EU Cyber Resilience Requirements

Mar 22, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://news.slashdot.org/story/25/03/21/0212206/unaware-and-uncertain-report-finds-widespread-unfamiliarity-with-2027s-eu-cyber-resilience-requirements Source: Slashdot Title: ‘Unaware and Uncertain’: Report Finds Widespread Unfamiliarity With 2027’s EU Cyber Resilience Requirements Feedly Summary: AI Summary and Description: Yes Summary: The Linux Foundation, in collaboration with the Open Source Security Foundation and Linux Foundation Europe, released two vital research reports focused on open source security in relation to…

The Register: Too many software supply chain defense bibles? Boffins distill advice

Mar 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/20/software_supply_chain_defense/ Source: The Register Title: Too many software supply chain defense bibles? Boffins distill advice Feedly Summary: How to avoid another SolarWinds, Log4j, and XZ Utils situation Organizations concerned about software supply chain attacks should focus on role-based access control, system monitoring, and boundary protection, according to a new preprint paper on the…

Tag: open source security

Slashdot: Google’s New Security Project ‘OSS Rebuild’ Tackles Package Supply Chain Verification

Slashdot: Pentagon Targets Open Source Security Risks in Software Procurement Overhaul

Slashdot: May is ‘Maintainer Month’. Open Source Initiative Joins GitHub to Celebrate Open Source Security

Slashdot: Open Source Coalition Announces ‘Model-Signing’ with Sigstore to Strengthen the ML Supply Chain

Google Online Security Blog: Taming the Wild West of ML: Practical Model Signing with Sigstore

Slashdot: ‘Unaware and Uncertain’: Report Finds Widespread Unfamiliarity With 2027’s EU Cyber Resilience Requirements

The Register: Too many software supply chain defense bibles? Boffins distill advice