Experimental News Clipping Site

Tag: SLSA

  • Docker: The Next Evolution of Docker Hardened Images: Customizable, FedRAMP Ready, AI Migration Agent, and Deeper Integrations

    by

    Kurt Seifried
    in

    Source URL: https://www.docker.com/blog/the-next-evolution-of-docker-hardened-images/ Source: Docker Title: The Next Evolution of Docker Hardened Images: Customizable, FedRAMP Ready, AI Migration Agent, and Deeper Integrations Feedly Summary: We launched Docker Hardened Images (DHI) in May, and in just two and a half months, adoption has accelerated rapidly across industries. From nimble startups to global enterprises, organizations are turning…

  • Slashdot: Google’s New Security Project ‘OSS Rebuild’ Tackles Package Supply Chain Verification

    by

    Kurt Seifried
    in

    Source URL: https://news.slashdot.org/story/25/07/28/0254233/googles-new-security-project-oss-rebuild-tackles-package-supply-chain-verification?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google’s New Security Project ‘OSS Rebuild’ Tackles Package Supply Chain Verification Feedly Summary: AI Summary and Description: Yes Summary: Google’s Open Source Security Team has launched a project called OSS Rebuild aimed at enhancing security and transparency in open-source package ecosystems. This initiative focuses on automating the reconstruction of…

  • Simon Willison’s Weblog: Introducing OSS Rebuild: Open Source, Rebuilt to Last

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Jul/23/oss-rebuild/ Source: Simon Willison’s Weblog Title: Introducing OSS Rebuild: Open Source, Rebuilt to Last Feedly Summary: Introducing OSS Rebuild: Open Source, Rebuilt to Last Major news on the Reproducible Builds front: the Google Security team have announced OSS Rebuild, their project to provide build attestations for open source packages released through the NPM,…

  • Cloud Blog: How SUSE and Google Cloud collaborate on Confidential Computing

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/products/identity-security/how-suse-and-google-cloud-collaborate-on-confidential-computing/ Source: Cloud Blog Title: How SUSE and Google Cloud collaborate on Confidential Computing Feedly Summary: Securing sensitive data is a crucial part of moving workloads to the cloud. While encrypting data at rest and in transit are standard security practices, safeguarding data in use — while it’s actively being processed in memory…

  • Slashdot: Google Launches OSS Rebuild

    by

    Kurt Seifried
    in

    Source URL: https://tech.slashdot.org/story/25/07/22/144239/google-launches-oss-rebuild?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google Launches OSS Rebuild Feedly Summary: AI Summary and Description: Yes Summary: Google has launched OSS Rebuild, a project aimed at detecting supply chain attacks in open source software by independently verifying package builds from major repositories. The initiative addresses significant security threats in the open-source ecosystem and highlights…

  • Google Online Security Blog: Introducing OSS Rebuild: Open Source, Rebuilt to Last

    by

    Kurt Seifried
    in

    Source URL: http://security.googleblog.com/2025/07/introducing-oss-rebuild-open-source.html Source: Google Online Security Blog Title: Introducing OSS Rebuild: Open Source, Rebuilt to Last Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the launch of OSS Rebuild by Google, aimed at enhancing security within open source package ecosystems by enabling the reproducibility of upstream artifacts. This initiative is particularly…

  • Hacker News: Supply Chain Attacks on Linux Distributions

    by

    Kurt Seifried
    in

    Source URL: https://fenrisk.com/supply-chain-attacks Source: Hacker News Title: Supply Chain Attacks on Linux Distributions Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses supply chain attacks on Linux distributions, emphasizing the complexities of compromising these systems through upstream dependencies. The piece highlights recent attacks, notably a backdoor introduced into XZ Utils, and outlines…

  • Cloud Blog: Accelerate your cloud journey using a well-architected, principles-based framework

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/products/application-modernization/well-architected-framework-to-accelerate-your-cloud-journey/ Source: Cloud Blog Title: Accelerate your cloud journey using a well-architected, principles-based framework Feedly Summary: In today’s dynamic digital landscape, building and operating secure, reliable, cost-efficient and high-performing cloud solutions is no easy feat. Enterprises grapple with the complexities of cloud adoption, and often struggle to bridge the gap between business needs,…

  • Cloud Blog: How we’re making GKE more transparent with supply-chain attestation and SLSA

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/products/identity-security/how-were-making-gke-more-secure-with-supply-chain-attestation-and-slsa/ Source: Cloud Blog Title: How we’re making GKE more transparent with supply-chain attestation and SLSA Feedly Summary: What goes into your Kubernetes software? Understanding the origin of the software components you deploy is crucial for mitigating risks and ensuring the trustworthiness of your applications. To do this, you need to know your…