Craig McLuckie (@cmcluck)'s Twitter Profile
Craig McLuckie

@cmcluck

Co-founder and CEO of Stacklok. Co-founder Kubernetes, Heptio. Devoted husband and dad.

ID: 248988547

08-02-2011 03:43:14

836 Tweets

13,13K Followers

332 Following

Matt Klein (@mattklein123)

New post on what happens after you add a control plane and local storage for observability: you get 1000x the telemetry when it matters. mattklein123.dev/2024/04/17/100…

Arun Gupta (@arungupta)

The Good, Bad and Ugly for GenAI by Craig McLuckie at #OSSummit The Good: More productive maintainers The Bad: New vulnerabilities and methods of exploitation The ugly: Increasing pressure on communities Path forward for #opensource producers and consumers

Stacklok (@stacklokhq)

(1/2) 👋 We made some big announcements today at the #OSSummit. Here's the first. Today, we're introducing the OSS Trust Graph, a way to model trust in #opensource ecosystems. It maps the connections between open source contributors and projects, and, through our

Stacklok (@stacklokhq)

(2/2) Our second announcement: Minder Cloud! Having high-quality intelligence about open source packages is only as useful as an organization’s or a community’s ability to drive policies that shape developer behavior. That’s why we launched the open source software security

Stacklok (@stacklokhq)

For #opensource maintainers with projects spanning 20+ repos, it's often manual and time-consuming to manage repo configuration. We built a policy template in Minder to automate this—you can customize it and apply it to your repos for free: cloud.stacklok.com

Luke Hinds (@decodebytes)

OSS: Where an idea you have in the midst of the lockdown from your shed come office, ends up securing huge swathes of the software. Nice to see Stacklok get a nod towards efforts put into helping run the sigstore public infra along with maintaining the code itself.

Luke Hinds (@decodebytes)

The gated CVE blocking along with the fix recommendation rule in github.com/stacklok/minder is something I am particularly fond of:

Stacklok (@stacklokhq)

Great post that explains why signatures and attestations matter for software security. For example, sigstore can create tamper-proof paper trails linking an artifact back to CI. (And thx for the shout-out about our work to help operate sigstore's public good instance!)

Stacklok (@stacklokhq)

📺 ICYMI: Our co-founder Craig McLuckie #OpenSourceSummit NA Keynote is available!📺 "I truly believe that the open source portfolio is one of the great treasures of humanity...and so we owe it to our communities and ourselves to make sure that as this ecosystem changes, as new

Craig McLuckie (@cmcluck)

Minder is a nice way to integrate increasingly rich security capabilities into your project with an OSS based, free-to-use service. Do give it a try and let us know what you think!

Stacklok (@stacklokhq)

Happy #KuberTENes! #k8s co-founder Craig McLuckie reflects on lessons learned about building large-scale #OSS projects from his work building k8s with brendandburns, Joe Beda, and the rest of the team at Google Cloud. stacklok.com/blog/all-i-rea…

Stacklok (@stacklokhq)

Pinning actions and container images to digests is a security best practice, but tedious to do. The new #oss Frizbee GitHub Action makes automating this process easier. stacklok.com/blog/new-frizb… #appsec #github

Stacklok (@stacklokhq)

Thanks to ADA Logics for doing a security audit recently for Minder! They analyzed our threat model and vulnerable code patterns, so that we can make Minder even more secure. stacklok.com/blog/securing-… #cybersecurity

Luke Hinds (@decodebytes)

trustypkg and Stacklok threat hunter Poppaea discovered a North Korean state actor exploit. cool post-analysis by Poppy as always stacklok.com/blog/north-kor…

Stacklok (@stacklokhq)

Honored to be a Rising Star ⭐ in Forbes 2024 Cloud ☁️ 100. This list is impressive, and we’re excited to be part of the cloud’s future. 🎉 Grateful for the recognition Bessemer Forbes Salesforce Ventures The Cloud 100 bit.ly/4fsf2tv #Cloud100 #RisingStar

Stacklok (@stacklokhq)

On 8/29, we found malicious code in Python Package Index package "invokehttp." This package raised red flags due to inconsistencies in its metadata and the absence of any verified connection to its claimed GitHub repository. Full analysis here: stacklok.com/blog/cross-pla… #cybersecurity #malware

All Things Open (@allthingsopen)

🚀 NEW on We ❤️ Open Source 🚀 Discover how AI is reshaping developer workflows and security! Craig McLuckie (@cmcluck), co-creator of Kubernetes, shares insights on tackling AI risks and introduces Minder. 🎥 Watch now: buff.ly/4199peP #WeLoveOpenSource #Cybersecurity
