04/20/23: SLSA, KubeCon EU & RSA
The OpenSSF is releasing SLSA version 1.0
SLSA is a comprehensive framework designed to improve software supply chain security by offering a series of security levels to ensure the software remains tamper-proof and can be securely traced to its source.
RSA Conference: software supply chain talks to watch
RSA Conference is next week in San Francisco! Here is a list of software security-related talks to watch out for from Security Boulevard:
ReversingLabs Software Supply Chain Risk Survey Results
Global research commissioned by ReversingLabs found that nearly 90 percent of technology professionals detected significant risks in their software supply chain in the last year. More than 70 percent said that current application security solutions aren't providing the necessary protections!
3CX Breach: it was linked to 2 software supply chain attacks
"[3CX] was one of an untold number of victims infected with the corrupted software of another company—a rare, or perhaps even unprecedented, example of how a single group of hackers used one software supply chain attack to carry out a second one. Call it a supply-chain chain reaction."
Chainguard open sources new policy catalog for Sigstore policy-controller
To help users unlock the security benefits of the Sigstore policy-controller, Chainguard is open-sourcing a new policy catalog that can be adopted incrementally to improve the security of your software supply chain.
KubeCon Europe is happening right now! We're at Booth #SU64; come pay us a visit!