🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

At TestfiySec we want to encourage our team to lean into innovation and not doing something just because everyone else is. But find creative ways to deliver better results for our partners and the Saas community as a whole. Thoughts? #cybersecurity #testifysec #saas

Who would be interested in a co-located conference dedicated to TUF and in-toto?

I wrote down some of my ideas around DevSecOps and how we can leverage the in-toto API to move forward. cncf.io/blog/2023/08/1…

📚 tl;dr sec 196 How secrets leak in CI/CD Karim Rahal WrongSecrets lab OWASP® Foundation AI threat modeling ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️ in-toto: API of DevSecOps Aditya Sirish, Cole Kennedy Rein in your SIEM Expel Simple parenting hacks Joseph Thacker #cybersecurity tldrsec.com/p/tldr-sec-196

📦 SBOMit An SBOM format independent method for attesting components with additional verification information Uses in-toto attestations and layouts sbomit.dev

Happy Labor Day! I hope you too are ghosting work today like I am. #laborday

As supporters and maintainers of in-toto, we are extremely excited to support their graduation proposal. The in-toto framework is the security backbone of our products at TestifySec, and we couldn’t be more proud to support the project for graduation.

My personal version of hell is using JIRA over a VDI hosted across the ocean.

Are you heading to #devopsdaysdc? I will be there Thursday, Sept 14. Who want's to meet up and nerd out over the importance of software supply chain security. #testifysec #software #supplychain

We're having our first Witness and Archivista community call today at 11:00 am EDT! 🎉Come learn about attestations for your supply chain. ⛓️Meeting info here: github.com/testifysec/com…

We’re hiring TestifySec! 🛡️🎉 Have you ever wanted to work on open source full time? Do you want to make the world’s 🌎 software more secure? 🔐 This could be for you: testifysec.com/careers/open-s…

2 offers out and signed!

For anyone looking for a last minute Halloween Costume... We hear that supply chain security experts get paid well... This kit could get you started. 😎 💻 Stay safe out there in the digital world. #halloween #cybersecurity #softwaresupplychain

Has anyone used, or maybe written about using in-toto for tracking provenance of AI models? cc Trishank Karthik Kuppusamy Justin Cormack, Santiago , 🦄 Frederick Kautz (Emeritus KubeCon Co-Chair) , Aditya Sirish

Bingo! Signatures are empty attestations, or even Implicit Attestations where the subject and predicate are defined out of band by the context of how the signature was generated. Explicit is better than implicit in security!

If you are in Chicago for #KubeConNA I highly recommend Wookiefoot playing at Reggies tonight at 9:30.

go-witness now support signing and verifying policy with sigstore github.com/in-toto/go-wit…

Can you guess what we are working on?

In the latest episode of Cloud Unfiltered, Cole Kennedy breaks down the concepts of supply chain security and discussed the importance of attestation with Michael Chenetz. Listen on Substack: cs.co/6014bcMUn or watch here: cs.co/6015bcMUX

AI makes Helm tolerable